
Lots of companies do in fact treat MFA this way. Microsoft's AAD^H^H^H sorry, Entra ID has conditional access rules that forgo the need for MFA when signing in from known locations, and lots of companies make use of that.

But it's becoming more and more popular, and in many cases necessary, to adopt a "zero-trust" approach to all devices no matter where they are located.

That login attempt coming from your office LAN — how do you know it isn't an automated request from a compromised device? If you are enough of a high-value target, do you think it's inconceivable that someone might try and hop on your wifi network from the parking lot?




I might have the MFA device built into the Synology, were I designing it myself.

Just a little 7-segment LCD on the front of the cabinet. Those are what a buck or two, and my 8-bay cost about $1000... it's not a big additional cost.

If you can input the number on that, you're provably local. I don't know if that truly solves the problem, a high-value target might have someone posing as an outside contractor to get an eyeball on it, I guess. But for me at home, it'd be sufficient protection.
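
The front-panel idea from the comment above, sketched as an added example (not code from the thread or from Synology). The class name, 6-digit length, 60-second lifetime and 3-attempt limit are assumptions; expiry and single use narrow the window in which a code read off the display by someone else stays useful.

```python
import hmac
import secrets
import time


class PanelChallenge:
    """Short-lived code shown only on the unit's front-panel display (hypothetical design)."""

    def __init__(self, digits=6, ttl=60, max_attempts=3, clock=time.monotonic):
        self.digits, self.ttl, self.max_attempts = digits, ttl, max_attempts
        self.clock = clock          # injectable so expiry can be tested
        self._code = None
        self._expires = 0.0
        self._attempts = 0

    def start(self):
        """Generate a fresh code. The return value goes to the display driver, never to the network."""
        self._code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        self._expires = self.clock() + self.ttl
        self._attempts = 0
        return self._code

    def verify(self, typed):
        """True only for the current code, before expiry, within the attempt budget."""
        if self._code is None or self.clock() >= self._expires:
            self._code = None
            return False
        self._attempts += 1
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        ok = hmac.compare_digest(typed.encode(), self._code.encode())
        if ok or self._attempts >= self.max_attempts:
            self._code = None       # single use; an exhausted budget forces a new code
        return ok
```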



