NOTE: This is set to NO when Conditional Access policies (CAPs) are used to require MFA for device join.