We have a security requirement in which we aim to prevent two factor authentication being performed with a device that our organisation does not control or own.
However, I cannot find any way to make this so. Even with a mobile number entered, on my standard user account I can set up and configure another.
I want to enforce usage of two factor authentication to numbers that I have specified, and remove the option for users to choose their own. Is this possible?