Our company is looking to implement Multifactor Authentication through Microsoft. We have over 55+ locations where staff work from. They use shared devices (laptops). I have looked into setting up conditional access with our ISPs for each location, though this looks to add a good chunk of annual cost through monthly subscriptions for static IPs. What is the correct thing to do?
My major concern is staff being unable to clock-in/out through our web-based app because they may not have a cellphone for authenticating with MFA when prompted. What is the common practice? I know every company goes through this same process when implementing MFA. Currently, a smart phone is not a requirement for our staff to complete their job – therefore we do not feel comfortable saying this is something you need…