1. Microsoft Corporation. (2023). Use the location condition in a Conditional Access policy. Microsoft Learn.
Reference: In the section "Named locations," the documentation explains that administrators can define specific IP address ranges (e.g., a corporate headquarters network) as trusted locations. These locations can then be used in policies for "bypassing multi-factor authentication for users who sign in from their corporate network." This directly supports using an IP-based allow list as an exception.
2. University of California, Berkeley. (n.d.). Duo - CalNet 2-Step. Berkeley Information Security Office.
Reference: University documentation on implementing Duo 2FA often describes features for managing authentication prompts. While not a formal course, this material reflects standard IT practice in a reputable academic institution. It outlines how network location policies can be used to differentiate between on-campus (trusted) and off-campus (untrusted) connections to adjust 2FA requirements, aligning with the principle of IP allow listing.
3. Stallings, W., & Brown, L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson.
Reference: Chapter 8, "User Authentication," discusses context-based authentication. The text explains that authentication systems can use contextual information, such as a user's IP address, to make a risk assessment. A login attempt from a known, trusted IP address (like a corporate network) is considered lower risk and may be subject to less stringent authentication requirements, such as bypassing a second factor. This academic principle underpins the solution in option B.