@patrickwvp Thanks for that quick response!
I think what happens with users that don’t already have 2FA enabled is undisputed.
So, for users who do have 2FA already enabled, you indeed would like the organization to be able to deactivate that 2FA for users automatically = force them out of their 2FA, so to speak. Right?
I’m asking because, we have a similar new feature request (Add an Enterprise Policy to forbid users from enabling two-step-login) but OP there wouldn’t want the organization to disable 2FA for the users, but that the user would deactivate 2FA themselves “to become compliant before their access can be restored.”
Like it is with other policies when enforced:
warning
Organization members who are not owners or admins and do not comply with this policy will have access revoked when you activate this policy. Users who have access revoked as a result of this policy will be notified via email, and must take steps to become compliant before their access can be restored.
So the question was, if your two feature requests could (and should) be merged when and if they are same – or if they differ and should stay separate. (and the difference should then be made more clear also)