Windows Logon and 802.11 WPA2-Enterprise using WIndows account

We switched from WPA2-PSK to WPA2-Enterprise for our wireless clients (laptops)
Laptops connect to the wireless network using the currently logged in account.

We’ve also set-up DUO MFa for local (interactive/console) logins.
The users are send a push message when they login and have an offline code available.

When in the office, since the laptop is not connected to the wireless network until logon, users are now asked for their offline MFA code.

Is there any way to still have them get send a push notification when using the internal wireless network?

I would even prefer a bypass for MFA all together when our users are at the office.
I.e. if a client is connecting from a specific IP-range.

How have other admins set up local Windows logons combined w/ Duo MFA and wireless 802.11x networks?