Can we disallow the email authenticator when user logs in from certain IP range

I want to disable the email authenticator if the user is logging in from untrusted network (out of certain IP ranges). When I checked the authentication policies, I can only see the option to “exclude email and phone authenticators” when some conditions are met. The thing is we don’t want to block the phone in this scenario. Is there something I have missed? Any help is appreciated.