This is an automated archive.

The original was posted on /r/sysadmin by /u/slewis_1972 on 2023-10-24 15:34:01+00:00.

Ok, seeking sanity and why.

Going through a huge transformation. We have 2500 employees that only access their personal records/HR/training via a specific online systems, dont need email. MFA is being turned on by new vendor - fine by me ( have requested it) especially as some of those users are others managers and have access to multiple accounts in this system. Note, we have scope to goto 4500+ employees in next 2 years.

We are in the UK. So, my question is, SMS for MFA ( but am querying if they are going to do what MS plan to and make it not for primary unless you override ) but also the relevant App from supplier if they wish to install on a phone.

Now, push back from staff to use own devices for MFA. My head is telling me cheapest option is then to use Oath hardware token. £10 a user if that. Or has anyone seen it enforced in a users contract to use own device?

Update: sanity check over, thanks. If they don’t agree as simplest solution for them is to use own device, oath hardware tokens it is…