The issue for per-site disabling is that the default is "on" and many sites simply fail to work (silently) when they aren't allowed 3rd party cookies.

Obviously this could be configured with a group policy but our IT group isn't going out of its way for a non-preferred browser.

For the TouchID it's FIDO2 compliance - not sure if it's our SSO/MFA provider or FF but... it works fine with Chrome :/