Whitelist Public IP to bypass Duo MFA Verification

Can anyone tell me if it is possible to whitelist a couple of public IP addresses so that when a user at a site tries to log into our RDP system, it skips the Duo MFA process based on the public IP address he/she is coming in from?

Thank you for your assistance.

Hi @BretA-EP, welcome to the Duo Community! I understand that you are currently using Duo for Windows Logon and RDP and you’d like to allow users accessing RDP from a few specific IP addresses to log on without being prompted for multi-factor authentication. This is possible using an Authorized Networks policy. You’ll want to set Authorized Networks to Allow access without 2FA from these networks and specify a block of IP addresses, IP ranges, or CIDRs as a comma-separated list.
Hope that helps!

P.S. Please note that this will only work for RDP sessions and not local console logins.

Thanks Amy. I appreciate this information. I just want to make sure that I am clear on one thing with this process. If I add the authorized networks, then those users coming across the listed IPs will not get prompted for Duo authentication. However, if they are outside of those approved and listed IPs, then they would get prompted for Duo verification.

Am I correct?

Yes, that’s correct!