I really liked my windows phone a lot. Honestly a lot more than my current iPhone 6. But I need to use second factor apps to log into my company's vpn, and those apps aren't on winphones.
If it supports the OATH/IETF RFC standards (and almost all two factor systems do/should), the Authenticator app that comes preinstalled with Windows phone supports it right out of the box. (Your company's VPN administrator just may not realize that.)
The interesting irony recently is that my own company just sent an email encouraging our VPN users to download the (very same) Microsoft Authenticator on iOS and Android as it is now the most reliable cross-platform 2FA app.
I don't think it does (although I'm not 100% certain). We use Duo Mobile[0], which pushes a challenge to the phone, then I have to acknowledge it. It's not the standard "enter the 6 digit code" that Google Mail and most 2 factor systems make use of.
Damn, there's a Windows Phone 7 version too: https://guide.duo.com/windows7-phone -- I swear there wasn't when I was making this transition. Huh, that's a little frustrating. Oh well.
