Merge pull request #242973 from Justinha/trusted-ips

added note about CA and per-user for Trusted IPs

Author: prmerger-automator[bot]

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 05/30/2023
+ms.date: 06/26/2023
 
 ms.author: justinha
 author: justinha
@@ -257,6 +257,9 @@ If your organization uses the NPS extension to provide MFA to on-premises applic
 
 Trusted IP bypass works only from inside the company intranet. If you select the **All Federated Users** option and a user signs in from outside the company intranet, the user has to authenticate by using multi-factor authentication. The process is the same even if the user presents an AD FS claim.
 
+>[!NOTE]
+>If both per-user MFA and Conditional Access policies are configured in the tenant, you will need to add trusted IPs to the Conditional Access policy and update the MFA service settings.
+
 #### User experience inside the corporate network
 
 When the trusted IPs feature is disabled, multi-factor authentication is required for browser flows. App passwords are required for older rich-client applications.