We are piloting a test rollout of RSA securID with the adfs agent for office 365. In our testing we discovered that using trusted location or trusted networks in our policies is not working correctly. For some reason the agent is seeing the IP of our load balancer, and not the IP of the client that's authenticating. So it thinks all authentications are from our internal network or in our geograhical location. I can set access control policies in ADFS to allow all from intranet and MFA from internet and that works fine, so I know the client IP is reaching the ADFS server. That would be a good workaround for us, however we would really like to be able to use location in our policies as well, and as far as I know, adfs access control policies can't do that. Has anyone else run into a similar issue with the adfs agent?