Worth noting. Microsoft have sneaked in a “Free Version of MFA”. On the understanding that you agree to enable the new “Security Defaults” (below) and only use the MFA Authentication App
It basically forces MFA for everyone and blocks legacy authentication too. There is no “trusted sites option” and a load of other features not available. See URL here.
Also everyone is prompted for MFA and must register regardless of been internal / external. But which may be useful for small / tactical deployments.
Credit to Mark Brumby for highlighting this.
VMFocus 