Hello Chris. 

This is currently available on a per domain basis. 

so that 2FA is forced for all of the domain users. 

Thank you

New users are forced to set it up on their first login. Users that exist before it is enabled are not forced to set it up. Once a user sets up 2FA, they cannot remove it with the Forced option ON (which is a nice feature). 

What we would like is a way to force existing users to enable 2FA. Can that be done?

Hi Chris, 

Existing users should be prompted to set it up during their next webmail login as well. We will look into this behavior and apply a fix as needed. 

Kind regards,

Hi Chris, 

We did some testing of this feature, and I'm afraid we can't replicate the behavior you're seeing. When we force Two-Step Authentication for a domain, existing users are prompted to configure it on their next webmail login (just like the new users).

That said, please note that Two-Step Authentication is not applicable for users who authenticate via Active Directory. If your existing users are set up with Active Directory authentication, this would explain why they don't receive the prompt to set up Two-Step Authentication, even when it's forced. 

I'm going to open a support ticket with you so we can look into why this is happening on your server. We can update this thread for others once we have an answer. 

Hey Chris! :-) I wasn't able to reach you via the ticket we opened with you and so I've closed it for the time being. Please let us know if you have some time to circle back to this in the future.