Good morning. I'm going back and forth with my service desk on what recovery type they should be using for MDE 7.2.8 and a smart card (Yubikey). For what it is worth, we enforce smart card usage at PBA as well as Windows log-in, but we do not do SSO.
Basic definitions of what I *think* I understand:
Reset to Password Token: resets whatever token the customer has (smart card, biometrics, password, etc.) to using a password instead.
Reset to Token: resets whatever token the customer has.
If the customer calls into the service desk with "token payload invalid" (which typically happens when a customer is issued a new Yubikey), I've instructed them to use the "reset to token" recovery type so it resets all the smartcard stuff.
As it turns out, the service desk prefers to use "reset to password token" recovery and, they advise, they have great success with it (except for a subset of users who have repeat issues when we have to reset the token (via query, but I believe the recovery performs the same thing).
So. My question. Should I be pressing the service desk to use a specific recovery type? if so, which one and why? If not, why?