@Tom What about the other mitigations I mentioned between now and getting Azure SSO.

"Helpful control's that are maybe easier to implement than Azure SSO would be:
System administrators should be able to force the setup of MFA for users while we wait for Azure SSO integration.
Without the ability to enforce MFA system administrators should be able to see which accounts have MFA enabled and which don't."

Please add the ability to link at the system level to existing Azure Active Directories to relive the need to manage local accounts. This would also enable organizations to use their existing SSO and MFA workflows.

For decentralized organizations this is essential for implementation to easily spin up new sites and use existing directories to determine not only authentication but also authorization.

Ideally a group in Azure would map to a Site in SecTeer. So that managing who can access what sites is done entirely inside of your existing directory using groups. Having a third party app with it's own set of local accounts add security issue that some organizations will not be comfortable with.

Helpful control's that are maybe easier to implement than Azure SSO would be:
System administrators should be able to force the setup of MFA for users while we wait for Azure SSO integration.
System administrators should be able to see which accounts have MFA enabled and which don't.