We should identify what Plone makes an "enterprise CMS" and bring these capabilities back in Plone 6.
This is clearly not a recycle bin or some similar toy.
Plone lacks decent capabilities in
- decent OAuth support out of the box for all major providers (Google, Azure etc.)
- strong and customizable password policies (a password length of 5 chars out of the box is a joke)
- better user management (at least I should be possible to lock accounts
- better tracking of user activity for better site protection (e.g. automatically lock accounts after N failed login tries)
- support for 2FA (is there a generic approach or some standard available?)
- 2FA login support using security devices (Yubi key or so)