I'm pretty happy that I trialed this module before my boss handed over money for it as it would have never worked in its current state.
The reason for this is we use 2 factor authentication for portal access outside our office and the Mobile Device "agent" appears to use port 443 instead of the normal agent port of 5721. As a result the Mobile Device "agent" or app as I prefer to call it fails to authenticate until it connects to a Wireless AP in a network where direct HTTPS access to our Kserver has been allowed.
So far it appears that no planning is done around new solutions for customers that use 2 factor authentication as this is the second module that I have trialed that requires direct HTTP/HTTPS access to the Kserver.
A suggestion I would make to improve KMDM security would be something like an Edge server that would receive Mobile Device "agent" data without the need to expose your Kaseya Server to the world.
To be fair, this really isn't a 2-factor authentication issue, but rather that Kaseya has changed the agent check-in specs. The team that designed the mobile agents clearly didn't read the standards used for Win/Mac/Linux agents and decided to re-invent the wheel. I understand why 443 was added...some hotspots block non-standard ports...but it should have been added as an option and not as a new standard. For those of us who, like HardKnoX, do not allow Internet access to the VSA except for agent check-ins (and boy does Kaseya support really hate this) changing the check-in port renders KMDM useless for tracking purposes.