ZEN IP Whitelisting Security Concern

We currently use Microsoft MFA to authenticate users to ZIA and as 2-step auth for the email accounts.
MFA can be disabled when users are connected from the office by whitelisting the office's public IP in the Azure MFA settings (Azure AD Admin Portal). If we add the ZEN IP range, this will raise a security concern that someone can use the ZEN IP as a way to disable a user's MFA.

What is the best approach for this, and does Zscaler provide static public IPs?