Add a policy for enforcing particular MFA provider/option on company users

As Enterprise Bitwarden user, I’d love the dedicated policy, that allows me to enforce usage of TOTP/FIDO2 on my users instead of mail-based one-time code.
For now I could only enforce MFA usage, but this defaults to mail and I cannot monitor or enforce TOTP/FIDO2 on my users.
I consider mail-based code weaker than other forms of MFA.

An alternative option may be to set up Duo as 2FA for your organization. This will force all of your users to set up a Duo 2FA method on their next login (Duo Push, SMS, phone call, or security keys). Not sure if this would prevent users from also having email set up as one of their 2FA methods.

then we would have to pay for Duo separately - I see no reason for this as it seems it could be implemented by simple policy (if a policy could exists for MFA enforcement in the first place, this one should be doable too)