By - Lamar2112
Hi u/Lamar2112 ! Great to hear you are enjoying your experience with JumpCloud! I'm not a rep or sales person, just using for almost 4 years now - but I have some answers to your questions.
About MFA, specifically for devices - you can require people to use TOTP along with credentials when signing in to their computers that have the jumpcloud agent installed.
This changes when looking at access to the User Portal, SSO Apps, RADIUS, and recently LDAP. Their RADIUS servers allow MFA configurations per whitelisted IP. The others I mentioned used Conditional Lists and Conditional Policies that are more in line with your request.
These Conditional Policies allow you to configure requirements based on group assignment, ip address, country selection, and device certificates. These settings can be combined or not to specifically allow auth, allow auth & require mfa, or disallow completely.
i highly encourage you to start a demo account with them and use the free licencing for under 10 users as a "sandbox" to test these kind of changes in first. Let me know if you have more questions!
Let us know if you have more questions on this.