Forced two-factor authentication in Google Engine Engine projects

Follow the instructions here to make 2-step verification mandatory in G Suite:

• If you need a two-step verification of all users in a domain or within an existing organizational unit (OU), you can skip this step. If you need to set a different two-step authentication setting for a selected group of users within the organization, create an administrator-managed group that contains all such users. See Using group exclusion for detailed instructions on creating custom groups.
• On the toolbar, click Reports, then select Security. Confirm that all users who need to be forced to a two-step verification are already registered in it, indicated by the "Registered" column in the two-step registration registration.
• On the toolbar, click Security> Basic Settings> Force Two-Step Verify Users.
• Select the organization in which you want to perform two-step authentication required. Then select Enable Enforcement. Two-step verification will become mandatory within 24-48 hours after enforcement is enabled.
• To inherit a suborganization, the 2-Step Verification parameter inherits from its parent organization, click the Use Inherited button to appear next to the right field when you hover over the authentication panel.
• If you want to free a user group, select the group name (created in step 1) on the right side, keeping the organization selected on the left side of the page and select Disable Law Enforcement. This will apply two-step authentication for all users in the selected organization, with the exception of users in the exclusion group.
• Save the changes.

Now all users of the selected organization are required to enter an additional code from their mobile device.

Link: https://support.google.com/a/answer/2548882?hl=en