Every day the scenario checks in Okta whether everyone has login protection on, warns them in Microsoft Teams and deactivates keys once you confirm.