Why is the MFAManualLogon.form Form still accessible with Federated Security enabled?
This is as-designed. It is not uncommon for manual to be offered for non-domain joined users (or non-trusted domain or non-federated domain). Also it is typical that federation is used for internet logons, but manual or windows is used for Intranet logons.
One alternate solution is to delete this form from KTA. Note that on a major KTA upgrade, this form may be imported.
Level of Complexity
Add any references to other internal or external articles