Every day the scenario checks in AWS IAM whether everyone has login protection on, warns them in vkTeams and deactivates keys once you confirm.