Currently, forcing MFA doesn't restrict accounts on those who don't have it active. So if you have multiple users and they don't activate MFA on their account it doesn't really add much security.
Is there any way we could disable accounts or set a time limit in which they need to enable it?