Hey everyone! We're exploring two-factor authentication options for our local government office, which has about 200 employees. We have a mix of Windows environments with some local domain controllers that sync to our M365 tenant. We're specifically looking for cost-effective solutions that are easy to implement. Since we can't require employees to have smartphones for authenticator apps, we've considered alternatives like Windows Hello and smart card readers. Any advice or personal experiences with good 2FA options that balance price and ease of use would be really helpful!
1 Answer
If you can go with Windows Hello for Business, I’d recommend it. It's super simple, secure, and convenient. Otherwise, you might consider giving employees an option between a personal phone app or FIDO2 hardware keys; most tend to prefer the phone app. Just make sure to weigh the pros and cons of each for your setup!
Also, the Secure Enclave feature in the company portal app is great for Mac users. You don’t need to go through Intune, but you will need MDM set up. It works similarly to Windows Hello.