Thanks all!
I think our approach going forward will be to adopt the use of Kerberos in more of the environment. This allows a common-sense approach without hitting the user with constant 2FA requests. If the user doesn’t have a valid krb ticket, th...