diff --git a/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php b/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php
index 52e1966a7be..584191401ca 100644
--- a/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php
+++ b/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php
@@ -6,8 +6,10 @@ declare(strict_types=1);
  * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
+
 namespace OCA\Settings\SetupChecks;
 
+use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
 use OC\Authentication\TwoFactorAuth\ProviderLoader;
 use OC\Authentication\TwoFactorAuth\ProviderSet;
 use OCP\IL10N;
@@ -18,6 +20,7 @@ class TwoFactorConfiguration implements ISetupCheck {
 	public function __construct(
 		private IL10N $l10n,
 		private ProviderLoader $providerLoader,
+		private MandatoryTwoFactor $mandatoryTwoFactor,
 	) {
 	}
 
@@ -35,10 +38,20 @@ class TwoFactorConfiguration implements ISetupCheck {
 		$primaryProviders = $providerSet->getPrimaryProviders();
 		if (count($primaryProviders) === 0) {
 			return SetupResult::warning($this->l10n->t('This instance has no second factor provider available.'));
+		}
+
+		$state = $this->mandatoryTwoFactor->getState();
+
+		if (!$state->isEnforced()) {
+			return SetupResult::info(
+				$this->l10n->t(
+					'Second factor providers are available but two-factor authentication is not enforced.'
+				)
+			);
 		} else {
 			return SetupResult::success(
 				$this->l10n->t(
-					'Second factor providers are available: %s.',
+					'Second factor providers are available and enforced: %s.',
 					[
 						implode(', ', array_map(
 							fn ($p) => '"' . $p->getDisplayName() . '"',