Forgewell Help Desk

The MFA Registration - Trusted Location Only CA policy prevents MFA registration from happening in a "non trusted" location. 

If you need to assist a user that needs to setup MFA and they are not in a trusted location - add them to the "MFA Registration Allow" group temporarily, configure MFA and then remove them from this group:

If an IP Address is changed or added for an existing Named location (Entra Admin Center --> Conditional Access --> Named Locations), choose the location and add / delete. 

For a new location, choose the plus sign next to IP Ranges Location and configure. Make sure to check the "Mark as trusted location" box.