So with the recent email about LSA finally going away this year, we're trying to be pre-emptive and get ahead of this with our "service account" types of accounts.
We're wondering if there's a way to do any 2sv/mfa en masse using GAM (or GAMADV-XT3)?
We have an OU in Google with mfa turned off because they're accounts that are intended for service type actions (eg. a scan to email printing account for example, or the president of our organization, or admissions for incoming student information, etc.). Some of these accounts are true service accounts that need an Google presence (think App1, App2, etc.) that sent emails as the particular user. Some of these are actual humans interacting.
My understanding is LSA going away won't interrupt a human signing in via the webpage (gmail.com), but will affect the non-human accounts configured on servers/applications (scan to email for example).
We're wondering if there's a way to utilize GAM to do bulk configuration changes around this, vs signing into 200+ google accounts and enabling mfa (with a single/redundant yubikey), and then creating app specific passwords.
Initially we would not be enforcing mfa for the human accounts, a topic my manager will be bringing up to executive staff
I know Kim's response already, but this is our environment as it stands and will be around still when LSA goes away, and isn't going to be changing it's structure at this time and is outside the scope of this question 😂
