This section explains how to configure the rollout option in the following two scenarios:
- Organizations where limited administration is required: In this scenario, users are switched to token authentication as soon as a token is registered with their user account. No administration is required.
- Organizations with less Defender users, or where token self-registration is not in use: In this scenario, when a token is registered to the user account, administrative action is required to move users to the correct Active Directory group.
In both the scenarios the following security policies are required:
- Token
- Active Directory password (rollout mode)
