To follow this guide you will need:
Administrator access: only Administrator users can access the Google Workspace Admin panel.
Go to the 2-Step Verification page in the Google Admin dashboard.
Configure the details of your MFA deployment:
Under Enforcement, select "On" or "On from <Date>", as appropriate
Under Methods, choose the option appropriate for your team (Not sure? We recommend "Any except verification codes via text, phone call")
Hint: where available, and where they are the sole user of the device, you should "Allow the user to trust the device” so they only get prompted once a month or similar. Reducing the volume of MFA prompts will greatly reduce the chance of a user accepting prompts they didn't initiate.