While I fully understand the importance of two factor authentication where warranted, there are situation where its excessive.
The good example for an over-reach with 2FA is the Sophos Central dashboard. Why is 2FA not optional in the dashboard? I only use the dashboard for managing my Intercept installs/clients and 2FA is beyond excessive for this.
If your position on this is because the dashboard also provides access to critical hardware, there is a case for forcing 2FA however; doing so penalizes those without the need for 2FA.
Sophos needs to make 2FA optional.
