What is a requirement for enabling two-factor authentication for local user accounts?

Enabling two-factor authentication for local user accounts allows for an additional layer of security beyond just a username and password. The option indicating that it can be enabled on a per user basis is correct because this flexibility allows network administrators to choose which specific users require enhanced security measures. This targeted approach is beneficial in environments where not all users may need the same level of authentication rigor, enabling more granular control over security without imposing blanket policies across all accounts.

In contrast to this, having a system-wide requirement would limit the ability to tailor security settings to individual users' needs, which may not be practical or necessary in every situation. Similarly, the notion that it can only be enabled for administrative users restricts its use and undermines the broader security posture, as it could leave other local user accounts vulnerable. Lastly, relying on external authentication servers can complicate the setup and requires additional resources, potentially making it less accessible or feasible for all environments. Thus, the ability to enable two-factor authentication specifically on a per-user basis combines both security and flexibility, making it the correct choice.