You are responsible for the Office 365 security in your organization. You have an Azure AD tenant on the free tier. You have enforced multi-factor authentication by enabling Security Defaults for all users. You want to add your on-premise IP range as a trusted IP, to bypass MFA request when working from the office. 
What should you do?

Answer options:

A.In the multi-factor authentication service settings, add the trusted IP address
B.In Azure AD create a new security group
C.Update your Azure tenant to a paid tier
D.Create a conditional access policy

Correct Answer: C 
Adding trusted IP-ranges requires your tenant to be on the Azure Premium P1 or Azure Premium P2 license. The only way to enforce MFA on users with non-administrator roles in an Azure AD Free tenant is by enabling Security Defaults. But as displayed by the exhibit below, Trusted IP is not available on the free tier. 

Option A is incorrect. This is where you configure the trusted IP settings, but in this scenario you must first upgrade Azure AD to a paid tier. 
Option B is incorrect. Creating a security group is not correct.
Option D is incorrect. Conditional Access policies requires an Azure AD P1/P2 license. 
Reference: To know more about MFA features, please refer to the link below: 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing