A multinational company is implementing AWS Organizations to manage multiple accounts across business units. The security team requires that all IAM users in member accounts must use a specific password policy and must have MFA enabled. Which combination of actions should the company take to enforce these requirements?
Select one:
The trap here is that candidates assume SCPs can enforce configurations like password policies or MF...