Variants of the following work for me, but once I add an IP address filter, it never fires: I am asked to MFA on the machine with IP 145.151.139.145. So what is wrong, or how can I debug to see what the x-ms-client-ip is returning for a given call (log file?)? Any tips appreciated!
$RhtMfaClaimRule = 'NOT EXISTS([type =="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip", Value =~ "^(?i)81.151.139.145$"])
  => add(type = "http://schemas.company.com/temp", value = "true" );
c1:[type == "http://schemas.company.com/temp"]
  && c2:[type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", value == "false"]
  => issue(type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", value = "http://schemas.microsoft.com/claims/multipleauthn" );'

Set-AdfsAdditionalAuthenticationRule $RhtMfaClaimRule
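
The two rules from the post, modelled in PowerShell over constructed claim sets so the decision can be traced offline. This is an added example, not part of the original post: `New-Claim`, `Test-MfaRequired` and the sample claim sets are hypothetical, and it assumes the rule's `=~` operator behaves like the .NET regex match that `-match` performs.

```powershell
# Added illustration, not from the original post: a simplified model of the two
# posted rules. Assumption: "=~" behaves like a .NET regex match, as -match does.
$IpType     = 'http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip'
$InsideType = 'http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork'
$Pattern    = '^(?i)81.151.139.145$'   # copied verbatim from the posted rule

# Hypothetical helper: builds one claim as a Type/Value pair.
function New-Claim([string]$Type, [string]$Value) {
    [pscustomobject]@{ Type = $Type; Value = $Value }
}

# Hypothetical helper: returns $true when the modelled rules would demand MFA.
function Test-MfaRequired {
    param([object[]]$Claims, [string]$IpPattern = $Pattern)

    # Rule 1: NOT EXISTS(client-ip claim matching the pattern) => add temp claim
    $ipHits = @($Claims | Where-Object { $_.Type -eq $IpType -and $_.Value -match $IpPattern })
    $temp   = ($ipHits.Count -eq 0)

    # Rule 2: temp claim AND insidecorporatenetwork == "false" => issue multipleauthn
    $outside = @($Claims | Where-Object { $_.Type -eq $InsideType -and $_.Value -eq 'false' })
    return ($temp -and $outside.Count -gt 0)
}

# Constructed claim sets (sample data, not captured from a real request)
$cases = [ordered]@{
    'client-ip = address in the rule, outside' =
        @((New-Claim $IpType '81.151.139.145'), (New-Claim $InsideType 'false'))
    'client-ip = address in the text, outside' =
        @((New-Claim $IpType '145.151.139.145'), (New-Claim $InsideType 'false'))
    'no client-ip claim at all, outside' =
        @((New-Claim $InsideType 'false'))
    'client-ip = address in the rule, inside' =
        @((New-Claim $IpType '81.151.139.145'), (New-Claim $InsideType 'true'))
}

foreach ($name in $cases.Keys) {
    '{0,-42} MFA required: {1}' -f $name, (Test-MfaRequired -Claims $cases[$name])
}
```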