The export report from the members app enables an admin to see which users have 2FA active or not. There is then a requirement to disable access to users that don't have 2FA switched on (At present there is no way for an admin to enforce 2FA on the platform).
One option is to remove a users access as in the image. However, with the users access removed they are then unable to login and turn on 2FA.
Another option is to unassign the PCS licence from a user. This however, poses the same issue as above, and also another issue in that the licence could be assigned to another user during this time and as such the first user may not be able to log back in if all licences are consumed.
There needs to be a way to enforce 2FA on the platform or for a user to be able to login to a level to modify their profile and 2FA settings but not access the platform any further than the user profile.