Had trouble finding any info on this besides using the version of ADFS that comes with 2012 R2, configuring the exceptions through powershell. In ADFS in Windows Server 2016, you can know utilize Access Control Policies to configure rules around how users authenticate to ADFS. In our setup, we have a classic example where when client’s are in the office, they should automatically login using Windows Integrated Authentication (essentially that they are not prompted for credentials). When the users are not on the corporate network, they should be forced to utilize Multi-Factor Authentication (MFA for short).
Note there are some requirements for this setup.
You need to have ADFS deployed utilizing an ADFS proxy server to the intern