Our organisation is in the process of rolling out MFA across all users, and our testing phase is coming to a close so we'll be pushing everyone to sign up within the next couple of months.
One of our concerns is that if a user leaves their phone at home and needs to sign in using a method other than the Authenticator app or a code via text, there doesn't seem to be an option aside from "turn MFA off for the user" to allow them to log in and work.
We require everyone to add an alternative email address to use MFA and SSPR in the organisation. Is there a way to use this email to receive a code to allow login? We don't have an on-premise phone system that would allow code delivery so this isn't an option unfortunately. Turning off extra security really isn't an option and can be abused repeatedly.
Any guidance or alternatives would would greatly appreciated :)
Many thanks, Nicola