Posted on 05-12-2021 06:23 AM
Does anyone know a way to exclude Jamf Connect from MFA in Azure Conditional Access?
I have created a web redirect URI to make Azure see the app registration in conditional access but when I add this as an exclusion users are still asked for MFA.
Thanks!
Posted on 05-12-2021 07:35 AM
We want to try treating the connector IP address range as a trusted location, but have not been able to find the range that Jamf connector is using. I can see individual Jamf connection IP addresses in the Azure sign-in logs, but it would be nice to have the CIDR address
Posted on 05-12-2021 08:04 AM
That would certainly be a workable solution
Posted on 05-12-2021 10:38 AM
@nick-at-artsed Jamf support couldn't give me the IP addresses that the connector is using for Azure, but after going through the Azure failed sign-in logs, I put all of the IP addresses that were labeled as Jamf Azure AD Connector into a named location in Azure AD and marked them as trusted. I then exempted that named location from our conditional access policy. So far, so good.
I'm not sure what range of IPs the Jamf connector is using, so I may have to keep adding to the named location. We'll see how it goes.
Posted on 07-31-2021 12:30 PM
@jaellington any chance you'd be willing to share the list you've come up with? 🙂
Posted on 08-23-2021 06:46 AM
@raymondap so far:
54.208.14.206/32
54.208.84.215/32
Posted on 10-18-2021 06:50 PM
Running into the same issue here. Where do you whitelist the IPs in Azure?
Posted on 10-19-2021 12:56 AM
This eventually worked for us without the need for whitelisting IPs: we just have a policy that applies to a group of users / all cloud apps / Jamf Connect excluded / require MFA.
Posted on 02-04-2022 08:28 AM
@jameschuong Apologies for the delay in replying. Hopefully you already have your answer, but if not:
You can create an IP range location in Azure AD by going to Security - Named Locations. Then you can click on '+ IP ranges location', give it a name (something like Jamf Pro Connector), and add the IP addresses. Then go back to your CA policy and click on Conditions. Then in the Locations tab, add your new Named Location to the Exclude list.
We did this about 8 months ago, and have had no issues with it so far.
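The procedure the posts above describe (harvest the connector's source IPs from the sign-in logs, put them in a trusted IP named location, exclude that location from the MFA policy, and keep checking the logs for addresses not yet covered) can be scripted against the Microsoft Graph request shapes instead of clicked through the portal. The block below is an added example and is not code from any poster, from Jamf, or from Microsoft. It assumes the Graph `signIn` field names (`appDisplayName`, `ipAddress`), the `ipNamedLocation` / `iPv4CidrRange` body for `POST /identity/conditionalAccess/namedLocations`, and the `conditions.locations.excludeLocations` field of a conditional access policy; the sign-in records and the location ID are constructed sample data. It only builds the request bodies and the "what is still uncovered" check; sending them with your own Graph client (and with the app display name your tenant actually shows for the connector) is left to you.

```python
import ipaddress
import json

# Constructed sample records in the Microsoft Graph `signIn` shape
# (GET /auditLogs/signIns). Illustrative values only, not real tenant data;
# the two Jamf addresses are the ones quoted earlier in this thread.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "appDisplayName": "Jamf Azure AD Connector",
     "ipAddress": "54.208.14.206", "status": {"errorCode": 50074}},   # MFA interrupt
    {"userPrincipalName": "bob@example.com", "appDisplayName": "Jamf Azure AD Connector",
     "ipAddress": "54.208.84.215", "status": {"errorCode": 50074}},
    {"userPrincipalName": "alice@example.com", "appDisplayName": "Jamf Azure AD Connector",
     "ipAddress": "54.208.14.206", "status": {"errorCode": 0}},       # same IP again
    {"userPrincipalName": "carol@example.com", "appDisplayName": "Office 365 Exchange Online",
     "ipAddress": "203.0.113.7", "status": {"errorCode": 0}},         # unrelated app, must be ignored
]


def connector_ips(signins, app_match="Jamf"):
    """Unique source IPs of sign-ins whose application name contains app_match."""
    seen = set()
    for rec in signins:
        app = rec.get("appDisplayName") or ""
        if app_match.lower() not in app.lower():
            continue
        try:
            seen.add(ipaddress.ip_address(rec.get("ipAddress")))
        except ValueError:
            continue  # malformed or missing address: skip rather than poison the location
    return [str(ip) for ip in sorted(seen, key=lambda ip: (ip.version, int(ip)))]


def named_location_body(display_name, ips, trusted=True):
    """Body for POST /identity/conditionalAccess/namedLocations (one /32 or /128 per IP)."""
    ranges = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        odata = ("#microsoft.graph.iPv4CidrRange" if addr.version == 4
                 else "#microsoft.graph.iPv6CidrRange")
        ranges.append({"@odata.type": odata,
                       "cidrAddress": f"{addr}/{addr.max_prefixlen}"})
    return {
        "@odata.type": "#microsoft.graph.ipNamedLocation",
        "displayName": display_name,
        "isTrusted": trusted,   # trusted location, as the posts above did
        "ipRanges": ranges,
    }


def exclude_location(policy, location_id):
    """Copy of a CA policy with location_id added to conditions.locations.excludeLocations
    (the body you would PATCH to /identity/conditionalAccess/policies/{id})."""
    updated = json.loads(json.dumps(policy))  # deep copy; never mutate the caller's object
    conds = updated.setdefault("conditions", {})
    locs = conds.setdefault("locations", {"includeLocations": ["All"], "excludeLocations": []})
    locs.setdefault("excludeLocations", [])
    if location_id not in locs["excludeLocations"]:
        locs["excludeLocations"].append(location_id)
    return updated


def uncovered_ips(signins, cidrs, app_match="Jamf"):
    """Connector IPs seen in the logs that no existing range covers: the 'keep adding' check."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [ip for ip in connector_ips(signins, app_match)
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


if __name__ == "__main__":
    ips = connector_ips(SAMPLE_SIGNINS)
    print(json.dumps(named_location_body("Jamf Pro Connector", ips), indent=2))
    # Hypothetical policy and location ID; a real ID comes back from the POST above.
    policy = {"displayName": "Require MFA", "conditions": {"locations": {
        "includeLocations": ["All"], "excludeLocations": []}}}
    print(json.dumps(exclude_location(policy, "00000000-0000-0000-0000-000000000000"), indent=2))
    print("not yet covered:", uncovered_ips(SAMPLE_SIGNINS, ["54.208.14.206/32"]))
```

Run `uncovered_ips` periodically over a fresh sign-in export against the ranges already in the named location; an empty list means the location still matches everything the connector is using, a non-empty one is the list to add. Marking the location trusted is what lets the exclusion bypass the MFA grant, so keep the match on the application name tight so that unrelated sign-ins never feed it.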
Posted on 06-09-2023 06:00 PM
Just found the list of IP addresses that JAMF is using. It doesn't match any of the IPs mentioned above, but it does include the ones that I'm seeing currently in sign-in logs. Also, for anyone wanting to know how to whitelist IP addresses for conditional access policies, you need to create a named location. Just go to Security > Named Locations once you are in Active Directory. You will then add the named location as an exclusion under the Grants of the conditional access policy that is requiring MFA.