It would be helpful if the Advanced Access Control for Bitbucket Cloud would support optional combinations of the existing methods. For example, the user could access the team area with either 2FA or from a whitelisted IP address.
If I'm not mistaken, enabling both 2FA and whitelisting currently requires both mechanisms to succeed.