You can add rewrite rule in web.config to allow defined whitelisted IP addresses access to cms.
Your admin url /episerver will be restricted by whitelisted IP addresses.
There's many options
I would suggest where possible not doing things requring config changes as in my experiences external IPs aren't always fixed and upkeep can become a nightmare
Looking for best practice on securing or limiting access to internal users to the episerver login page for editors.
The site is currently publically available and the login is linked to active directory.
We could possibly implement MFA, I have seen a couple of implementations in episerver blogs but it will take work.
Would limiting by internal IP address be possible? Perhaps a reverse proxy?
Wondering what others have done in similar circumstances.