For some of my applications in Azure they are authenticating to my Azure AD using user accounts and they are being caught by my conditional access policy which is enforcing MFA due to being off-prem.
I was wondering would it be best practice to assign the resource in azure a public IP and then add that to the MFA trusted IPs? So then when the application attempts to authenticate from that IP it is not caught by the MFA policy
I have a few questions:
1) Is the public IP address assigned to a resource consistent i.e. can you confirm that the IP never changes and is solely allocated to that resource? Also that it is not behind a proxy which also serves other tenants?
2) Is this the best way around the solution and most secure?
3) Would app passwords be a better solution
I'd appreciate any help, thank you!