We have a very small IT staff, so having IT touch every machine
(including the hundreds that are already in users hands that need
enrolled) just isn't possible for us. Ultimately we're going to use DEP
to enroll new machines, but we still want authen...
@bpavlov The issue is that we have to disable 2FA for all requests
coming from whatever server is hosting LDAP, and our security team won't
allow that.