Restrict MFA factors by user

I want to know if it’s possible to restrict MFA factors by user. I see a bunch of other answers about restricting MFA all-or-nothing but what we’re interested in is only making Voice/Email available to specific users.

For example, we want to enable Push, TOTP for everyone, and Email (which, unfortunately requires Voice/SMS to enable) to very specific subset of users. Email/Voice/SMS aren’t secure but we have some users who don’t have cell phones (call center environment) so they only have access to voice and email.

How can we keep all the users in the same tenants but restrict Email to only specific users?

Using a rule seems to only permit the predefined providers:

1 Like