This is something we haven't been able to figure out how to do.

For security, we are required to impose:
1. Daily logouts, 

2. Every logout should require MFA. 

But we haven't been able to figure this out entirely.

We managed to access Zoho Directory, and we added this policy:

And we then applied them to this group:

However, in the "Users" section, there are some users like these which have access to our CRM organization, but cannot be added to the above group:

Any idea why this would be happening? Is there a simpler way to mandate MFA for every log-in (as a baseline across the whole organization) apart from this?