Azure AD Judgment when InsideCorporateNetwork Claim with ADFS is Used
Today we will go through a small but very important topic. This article explains some scenarios where the InsideCorporateNetwork claim may behave in an unexpected way.
Before going deeper into those scenarios, let's start by explaining when the InsideCorporateNetwork claim is used. Typically, when your domain is federated and you have AD FS on-premises, Azure AD sends all authentication requests to AD FS (externally through WAP) to get a token that allows the user to authenticate, because Azure AD has no information about the user's credentials.
Some customers prefer to take an action based on where the user is connecting from. For example, a customer may have an Azure conditional access policy that requires the user to pass an MFA challenge, such as a phone call, after the user has passed the primary authentication method, such as username/password. In some scenarios, customers prefer to ask for MFA only if the user is connecting from outside the corporate network, as they believe that connecting from the internal corporate network does not need MFA since they are sure no unauthorized person is connecting internally, which makes sense.
Continue Reading in my blog: https://azuredummies.com/2019/04/28/mfa-evaluation-when-using-insidecorporatenetwork-claim-with-ad-fs-is-used/
Data Privacy Consultant @ NEOM | Microsoft 365 Security | IAM | Endpoint | DLP | CASB | EDR | MCAS | GDPR | Zero Trust | Cyber Security | Data Protection | Data Privacy |
5 years ago: Great documentation. Any reason why federated domains don't work with Exchange Online PowerShell? Any ideas?
Senior Cloud Solutions Architect at EBLA Computer Consultancy
5 years ago: Omar Shaker khalid Ass'ad ADFS design
IT Solutions and Services Manager
5 years ago: Ahmed Elkhouly