A company has an AWS account with multiple IAM users. The security team wants to enforce that all users use multi-factor authentication (MFA) to access the AWS Management Console. Which THREE steps should the SysOps administrator take? (Choose THREE.)
MFA must be enabled per user.
Why this answer
Option A is correct because MFA must be enabled for each user. Option B is correct because IAM policies can require MFA for console access. Option D is correct because users need to know how to use MFA.
Option C is wrong because SCPs are for Organizations. Option E is wrong because CloudTrail does not enforce MFA.