by DANmode 1181 days ago
There's no way to enforce MFA? How do you figure?

Give new users a very short window, or not able to use until their hardware key, phone enclave, etc. is registered for MFA.

You could even go as far as to send pre-registered hardware keys by mail, or have them picked up from HQ upon hire.

Certainly would have solved some of the recent "who actually works in infra at Twitter" debacle, now that I'm thinking about it.

2 comments

That's how you get people to use MFA, but AFAIK there's no feature in Discord to a) federate with a directory like AD or b) force users on a server to only be able to sign in with a hw key.

How do you know folks are using their hw keys to log in to Discord?