Jamf Connect and Azure Conditional Access MFA

nick-at-artsed
New Contributor III

Does anyone know a way to exclude Jamf Connect from MFA in Azure Conditional Access?

I have created a web redirect URI to make Azure see the app registration in conditional access but when I add this as an exclusion users are still asked for MFA.

Thanks!

5 REPLIES 5

jaellington
New Contributor III

We want to try treating the connector IP address range as a trusted location, but have not been able to find the range that Jamf connector is using. I can see individual Jamf connection IP addresses in the Azure sign-in logs, but it would be nice to have the CIDR address

nick-at-artsed
New Contributor III

That would certainly be a workable solution

jaellington
New Contributor III

@nick-at-artsed Jamf support couldn't give me the IP addresses that the connector is using for Azure, but after going through the Azure failed sign-in logs, I put all of the IP addresses that were labeled as Jamf Azure AD Connector into a named location in Azure AD and and marked them as trusted. I then exempted that named location from our conditional access policy. So far, so good.
I'm not sure what range of IPs the Jamf connector is using, so I may have to keep adding to the named location. We'll see how it goes.

@jaellington any chance you'd be willing to share the list you've come up with? 🙂

 

@raymondap   so far:

 
 
54.208.14.206/32
 
54.208.84.215/32