Does the API method enforceMultifactorAuthentication(), in the Knox SDK, come into effect immediately?

No. After setting the API method enforceMultifactorAuthentication() to true, the policy is enforced only after next password change. That is, when the customer opts to change the container password, the only option available is to choose the two-step verification.

The API method enforceMultifactorAuthentication() does not influence the currently set password in any way. If one wants to ensure that the customer will use multifactor authentication as one’s container password, then call the API method passwordPolicy.enforcePwdChange() to force the password change.