Microsoft (Azure AD to be more precise) single sign on can be configured in a few ways and SMS can be disabled.
If you really care about users not needing BYOD, you can restrict 2FA to hardware keys.
That said I think the overall sentiment of your post still stands, as most orgs just push the device issue to the user (either they need a phone of SMS, push notifications or OTP).
If you really care about users not needing BYOD, you can restrict 2FA to hardware keys.
That said I think the overall sentiment of your post still stands, as most orgs just push the device issue to the user (either they need a phone of SMS, push notifications or OTP).