Allow organizations to randomly send an MFA request to test/train the user
Some organizations are testing their users with an anti-phishing campaign. The idea is simple: the organization randomly sends a phishing email to the user. If the user clicks on the link, the user is informed about the campaign and how to prevent this from happening again. If the user clicks on a link a second time, the user is required to complete training on this topic.
I would like to see this for MFA as well. MFA blocks 99.9% of all malicious authentication requests, but that's when we assume that the user is completely aware of why MFA is important and when to decline an MFA request. It will also filter out users who give their password to other users (e.g. manager to assistant) so they can work from 'their account'.