The last step of the configuration is to enable Azure MFA globally for the AD FS server.

In order to do that, log into the AD FS server as the Enterprise Admin. Then, go to Server Manager | Tools | AD FS Management.

Then, in the console, navigate to Service | Authentication Methods. Then in the Actions panel, click on Edit Primary Authentication Method:

This opens up the window to configure global authentication methods. It has two tabs, and we can see Azure MFA on both. If Azure MFA used as primary method by removing other options, it will not ask for logins and will use MFA as the only authentication method. Its operation boundaries can be set to intranet or extranet:

Another option is to select MFA as the secondary authentication method:

This finishes the Azure MFA integration, and users can use MFA based on the option selected in the preceding wizards. There is still lots to talk about AD FS, and it is hard to cover everything in a chapter. I have selected the most suitable configuration for any business to explain the AD FS deployment.