One of my co-workers recently had their RSA token expire and had to go through the process of renewing it. When they did they were denied a hard token renewal instead the form informed them that moving forward all Bank personnel are to use their personal phone and install the RSA app on it and that is how you will get your RSA code moving forward... They have been using it ever since.
I work in Azure as well and within the last few weeks my SMS/voice option was disabled, another coworker of mine was using Google authenticator and that no longer works either.
Without publication and without broadcast the Azure MFA options were all deprecated except for one and that is the requirement to use Microsoft authenticator app. I asked my manager how the bank is legally allowed to force me to use my personal phone to install software to do my job and not offer reimbursement and my managers reply was "if you don't like it look for another job this is the way it is now".
Just wondering with everything the way it's going right now how people view the new requirements of being forced to use your personal phone to install software for business use running up your internet bill and more and not being offered reimbursement? Is there any legal concerns here?