How is user access to the system controlled? Do we provide support for any two-factor authentication mechanisms?

Azure AD, 2FA is down to the domain administration as it is SSO.