So my company decided to migrate office suite and email etc to Microsoft365. Whatever. But for 2FA login they decided to disable the option to choose “any authenticator” and force Microsoft Authenticator on the (private) phones of both employees and volunteers. Is there any valid reason why they would do this, like it’s demonstrably safer? Or is this a battle I can pick to shield myself a little from MS?
Do hardware tokens support Linux nowadays?
Depends on the type of token. The type that would be needed in this case doesn’t need a computer to use, it displays the codes on a small screen.
There are also key generators used for electronic signatures that need to be connected to the PC; those can work on Linux but it depends on whether whoever provisioned them wanted to do that. Lots of companies who issue such tokens only put the Windows stuff on them.