Summary

Confluence's two-step verification (2SV) allows administrators to enforce two-step verification for 'high-risk authority users' (administrators) using the

-Datlassian.authentication.2sv.enforcement.enabled=true

parameter, however non-administrator users are unaffected.

Suggestion

Provide additional functionality to enforce two-step verification for non-admin users, to improve instance security.

This could managed in a dedicated Confluence Administration page

Workaround

No workaround is currently available at this time.