Most of tour staff work from their personal devices. We have some computers in the office, and we hope to have some in the classrooms too.
We want to enable the staff and faculty to use these devices, but we want them to be required to use the 2fa when using them. We can't rely on the "this is a public computer" because it can be turned off.
Is there a way to do that? Can we restrict devices or IPs from entering the "Recognized devices" list?