Re: The elephant in the room
> But then require you to have your own, presumably consumer grade, Android/iPhone to run the Microsoft 2FA app to get onto the corporate network
We've got a "virtual 2FA smart card" solution that doesn't feel like 2FA because it boils down to having yet another password (AIUI the something-you-have is "provided" by a file on the computer/LAN).
Not that the expectation of owning a personal on-contract smartphone already went away - signing the employment contract document was a case of "simply install and run this Android/iPhone touchscreen input app and transfer our PDF to/from it" (not a hard requirement, but I had to ask to find out *sigh*), and we have "lunch and learn" video meetings where participation is easier with a phone app than a browser. In the latter case I've had to commandeer the dinner table for the laptop and monitor, so if I've moved the keyboard to eat I'm not also free to join in...