Currently, a tenant user can always edit his or her own account properties, and there is no way to hide the Disable MFA button nor force enable it. Since users can already login without MFA, they may probably neglect to enable this feature.
As an alternative, administrators can force their users to enable the MFA feature during the user's first login.
For Administrators:
- Create a new user account and enable its MFA feature.
- Capture a screenshot of the QR code or copy the pass code.
- Use a device to scan the QR code or enter the pass code to completely enable the MFA.
- Send the QR code or pass code to the user.
For Users:
- Install Google Authenticator.
- Scan the QR code or use the pass code to create an authenticator on your own device.
- Use the authenticator to login to Deep Security Manager.
For more information about the MFA feature, refer to this article: Set up multi-factor authentication.