The last step of the configuration is to enable Azure MFA globally for the AD FS server.
In order to do that, log in to the AD FS server as the Enterprise Admin. Then, go to Server Manager | Tools | AD FS Management.
Then, in the console, navigate to Service | Authentication Methods. Then, in the Actions panel, click on Edit Primary Authentication Method:
This opens up the window to configure global authentication methods. It has two tabs, and we can see Azure MFA on both. If Azure MFA is used as a primary method by removing other options, then AD FS will not ask for logins and will use MFA as the only ...