Microsoft Named Location - 2FA/ Multifactor Authentication




Because of how Microsoft works, we currently require a Microsoft Azure 'Named Location' to be created in your Azure tenant. This 'Named Location' also needs to be marked as Trusted.




Please create a named location with our server IPs:

135.181.161.168/32 - EU (Finland)
54.253.156.205/32 - ASIA (Australia)
5.78.30.6/32 - US (United States)



You will also want to run the 'What If' tool to identify what policies you will need to adjust. 




Once you are in the What If section, select your admin user and the server IP and country from the list above that match the region your Microsoft tenant is in. Clicking Run will show you which policies are blocking your login. Pay attention to the State column: policies labeled 'Report-only' will not affect your login.





Customers who regularly use Conditional Policies will need to exempt their global admin from Multi-Factor Authentication for the initial setup of the Trifecta Teams tenant. You can remove your global admin from the exemption after you are fully logged in to the portal and can see all of your users on the Users page.

Now go to each of your policies and adjust the following.





























Now we want to ensure your tenant policies are excluding the new Named Location.
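An offline check of the two adjustments described above (the Named Location exclusion and the temporary global-admin exemption), as an added example that is not Trifecta Teams' or Microsoft's code. It assumes the named location and policies were exported as JSON in Microsoft Graph's shape; the ids, policy names, function names and the extra /16 range are constructed for illustration.

```python
import ipaddress

# Server addresses from this article; anything else in the trusted location is flagged.
VENDOR_IPS = {"135.181.161.168/32", "54.253.156.205/32", "5.78.30.6/32"}
ENFORCED = "enabled"  # Report-only is "enabledForReportingButNotEnforced" in Graph

def check_location(loc):
    """Return problems with the named location: untrusted, or ranges beyond the vendor /32s."""
    problems = [] if loc.get("isTrusted") else ["not marked as trusted"]
    for r in loc.get("ipRanges", []):
        net = ipaddress.ip_network(r["cidrAddress"], strict=False)
        if str(net) not in VENDOR_IPS:
            problems.append(f"unexpected range {net}")
    return problems

def audit_policies(policies, loc, admin_id):
    """Return (enforced policies still applying to the location, enforced policies exempting the admin)."""
    match = {loc["id"]} | ({"AllTrusted"} if loc.get("isTrusted") else set())
    still_applies, admin_exempt = [], []
    for p in policies:
        if p["state"] != ENFORCED:  # Report-only and disabled policies do not block logins
            continue
        cond = p["conditions"]
        locs = cond.get("locations") or {}
        included = set(locs.get("includeLocations") or ["All"])  # no location condition = everywhere
        excluded = set(locs.get("excludeLocations") or [])
        if included & (match | {"All"}) and not excluded & match:
            still_applies.append(p["displayName"])
        if admin_id in ((cond.get("users") or {}).get("excludeUsers") or []):
            admin_exempt.append(p["displayName"])
    return still_applies, admin_exempt

# Constructed sample data shaped like Graph's namedLocation and
# conditionalAccessPolicy JSON; ids and names are placeholders.
LOCATION = {"id": "loc-1", "displayName": "Trifecta Teams", "isTrusted": True,
            "ipRanges": [{"cidrAddress": "135.181.161.168/32"}, {"cidrAddress": "135.181.0.0/16"}]}
POLICIES = [
    {"displayName": "Require MFA for admins", "state": "enabled",
     "conditions": {"users": {"excludeUsers": ["admin-1"]},
                    "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}}},
    {"displayName": "Block legacy auth", "state": "enabled",
     "conditions": {"users": {"excludeUsers": []}}},
    {"displayName": "Block non-compliant devices", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"excludeUsers": []}, "locations": None}},
]

if __name__ == "__main__":
    print(check_location(LOCATION))
    print(audit_policies(POLICIES, LOCATION, "admin-1"))
```

Running it again after setup, with the global admin's object id, confirms that no enforced policy still exempts that account.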





















In some instances we have found that Microsoft may black mark a user. This user will not be able to log in, even though the conditional policies allow them through. If this happens, you will want to create a new user with the same permissions and ensure that user is allowed access to the portal. Sometimes you can un-black mark the user by checking the 'Risky Users' section of your Azure tenant.

Though this is not ideal, it is the only way we have found to address this. We've seen this happen with certain areas of the Microsoft portal as well, preventing the purchase of products or any number of other things.

How do I check why I am being blocked?


If you log in to your Azure portal and type Conditional Policies in the search bar, you will be brought to your Conditional Policies section. Click Login Logs on the left to see the list of logins.

What you see here is that we are being blocked on the MS Teams PowerShell cloud app.




If we click on the login, and then 'Conditional Access' at the top, then we can see what policies are blocking our login from being successful.



Go into each policy showing 'Failure' and set up the Named Location exclusion as shown above.