An old colleague just told me:
"we actually got audited by our cyber security insurance provider and they enforced us to have MFA on literally everything. Down to the switches. It was huge pain in the a**."
Have any of you ever faced challenges related to audits?