Disable admin 2-step verification
MFA for Admin credentials in a business environment should NEVER require an admin to provide PERSONAL information in order to verify identity.
The existing requirement is limited to providing a Phone # (seemingly ONLY a Cell #) and a 2nd Email address (which is not related to the domain), and this has more of the appearance of data-mining than of MFA.
Not everybody has a company-provided cell phone. A verification callback to a PBX cannot navigate an extension. Even when having it call a direct-dial number to my desk, the message is that verification was not possible.
This is infuriating and unprofessional when there are no other options to authenticate the account within a normal corporate environment.
Furthermore, when an admin calls Support due to the lack of MFA options that will work without providing personal phone or email data, the support staff should have the power to determine identity and validate the MFA for another 180 days when the limited offerings WILL NOT WORK.
Even better would be if the admin could disable MFA for Admin credentials entirely if they choose to.