In the recent botnet editing attack, one of the original reasons that the wiki community escalated to SRE was that enabling the 'emergency CAPTCHA' functionality for anonymous IP edits requires a configuration push.
Currently this is implemented by editing $wmgEmergencyCaptcha in InitialiseSettings.php, like this patch.
There was broad agreement afterwards from both involved WMF staff and from responders in the community that it would be ideal if Stewards could enable this themselves, without having to escalate to someone with deploy access.