Enable Office 365 MFA with PowerShell

The Office 365 Multi-Factor Authentication (MFA) service is part of Microsoft Azure and is linked to Azure Active Directory, where all Office 365 identities reside. This post, Enable Office 365 MFA with PowerShell, describes the actions needed when working with Office 365 and MFA.

With MFA, users access Office 365 services only after an additional verification step: an SMS code, a phone call, or a mobile app code.

Office 365 (Azure) MFA comes with four verification methods:

  • Phone call
  • SMS text message
  • Mobile app verification code
  • Mobile app notification

MFA Status

A user has three statuses in MFA.

  • Disabled: the default state for new users.
  • Enabled: an administrator has enrolled the user in MFA, but the user hasn’t completed the registration process.
  • Enforced: the user has completed the registration process (see the tip below).

Tip: Enabled users are automatically switched to Enforced when they register for Azure MFA. Do not manually change the user state to Enforced.

Enable MFA for User

There are a few ways to enable MFA for a user. The following example uses the Office 365 portal.

  • Log in to the Office 365 admin portal using an administrator account.
  • On the portal, go to Users and expand Active users.
  • In the list of users, click the user for which you want to enable MFA.

Tip: you can also go directly to the Multi-factor authentication admin portal.
On the MFA portal, choose the relevant user and choose Enable on the right side.


Once selected, all you have to do is click Enable to enable it.


Play with PowerShell

With PowerShell, you can enable, disable, and report on MFA for users with a handful of commands.

Show MFA-enabled users.

There are several ways to query MFA state with PowerShell. The first command lists every user with their registered methods and MFA requirement; the second keeps only users that have an MFA requirement set (Enabled or Enforced).

# All users, with their registered MFA methods and MFA requirement
Get-MsolUser | Select-Object UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements

# Only users that have an MFA requirement set (Enabled or Enforced)
Get-MsolUser | Where-Object {$_.StrongAuthenticationRequirements -like "*"} | Select-Object UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements


Show all MFA-enabled users that have enrolled.

# Only users that have registered at least one MFA method
Get-MsolUser | Where-Object {$_.StrongAuthenticationMethods -like "*"} | Select-Object UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements
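The two queries above answer separate questions (who has a requirement, who has enrolled); the gap between them is the set of accounts that are Enabled but still protected only by a password. The following function is an added example, not code from the original post: it combines the same two properties into one report per user. It assumes the MSOnline module is loaded and Connect-MsolService has already been run with an account that can read users; the output column names and the file names in the usage comments are my own choices. Note that the MSOnline cmdlets used throughout this post are deprecated by Microsoft in favour of Microsoft Graph PowerShell.

```powershell
# Added example: report each user's per-user MFA state and enrolment status.
# Assumes an existing Connect-MsolService session (MSOnline module).
function Get-MfaStateReport {
    [CmdletBinding()]
    param(
        # Pass the output of Get-MsolUser -All; taking it as a parameter keeps the
        # function usable against a saved snapshot as well as the live tenant.
        [Parameter(Mandatory)]
        [object[]]$Users
    )

    foreach ($u in $Users) {
        # StrongAuthenticationRequirements is empty when per-user MFA is Disabled;
        # otherwise its State property reads "Enabled" or "Enforced".
        # The Where-Object filter drops a bare $null so an empty value counts as 0.
        $req   = @($u.StrongAuthenticationRequirements | Where-Object { $_ })
        $state = if ($req.Count -eq 0) { 'Disabled' } else { $req[0].State }

        # StrongAuthenticationMethods lists registered methods; empty means not enrolled.
        $methods = @($u.StrongAuthenticationMethods | Where-Object { $_ })
        $default = ($methods | Where-Object { $_.IsDefault } | Select-Object -First 1).MethodType

        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            MfaState          = $state
            Enrolled          = ($methods.Count -gt 0)
            DefaultMethod     = $default
            # Enabled but not enrolled: the requirement exists, but no second factor does yet.
            NeedsFollowUp     = ($state -ne 'Disabled' -and $methods.Count -eq 0)
        }
    }
}

# Usage (file name is a placeholder): build the report and list the accounts to chase.
# $report = Get-MfaStateReport -Users (Get-MsolUser -All)
# $report | Where-Object NeedsFollowUp | Format-Table UserPrincipalName, MfaState
# $report | Export-Csv .\mfa-state-report.csv -NoTypeInformation
```

Running the report on a schedule and diffing the exported CSV is a cheap way to notice accounts that were enabled but never finished registration, or that went back to Disabled.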

Enable MFA

# Create the StrongAuthenticationRequirement object
$mf = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mf.RelyingParty = "*"
$mfa = @($mf)

Enable MFA for specific user

Set-MsolUser -UserPrincipalName eshlomo@elishlomo.us -StrongAuthenticationRequirements $mfa

Enable MFA for all users

Get-MsolUser -All | Set-MsolUser -StrongAuthenticationRequirements $mfa

Disable MFA for specific user

# An empty requirement array removes the per-user MFA requirement
$mfa = @()
Set-MsolUser -UserPrincipalName eshlomo@elishlomo.us -StrongAuthenticationRequirements $mfa
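The one-liners above apply the requirement unconditionally. When rolling MFA out to a list of accounts, two things are worth adding: skip anyone who already has a requirement (so an Enforced user is not knocked back to Enabled, in line with the tip earlier in the post), and read each account back after the write instead of assuming it succeeded. The function below is an added example, not code from the original post; it assumes an existing Connect-MsolService session, and the CSV file name and the UPNs in the usage comments are placeholders.

```powershell
# Added example: enable per-user MFA for a list of UPNs, skipping accounts that
# already have a requirement, and confirm each change by re-reading the account.
# Assumes an existing Connect-MsolService session (MSOnline module).
function Enable-MfaForUsers {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$UserPrincipalName
    )

    # Same requirement object the post builds: RelyingParty "*" applies to all apps.
    # State is left at its default, so the user lands in Enabled, never Enforced.
    $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $req.RelyingParty = '*'
    $enable = @($req)

    foreach ($upn in $UserPrincipalName) {
        $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
        if (-not $user) {
            [pscustomobject]@{ UserPrincipalName = $upn; Result = 'NotFound' }
            continue
        }

        # Skip accounts that already carry a requirement (Enabled or Enforced).
        $existing = @($user.StrongAuthenticationRequirements | Where-Object { $_ })
        if ($existing.Count -gt 0) {
            [pscustomobject]@{ UserPrincipalName = $upn; Result = "AlreadySet ($($existing[0].State))" }
            continue
        }

        Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements $enable

        # Read back rather than trust the write: report the state the directory now holds.
        $after = Get-MsolUser -UserPrincipalName $upn
        $state = @($after.StrongAuthenticationRequirements | Where-Object { $_ })
        [pscustomobject]@{
            UserPrincipalName = $upn
            Result            = if ($state.Count -gt 0) { "Set ($($state[0].State))" } else { 'Failed' }
        }
    }
}

# Usage (file name and UPNs are placeholders): targets come from a one-column CSV
# whose header is "UserPrincipalName".
# $targets = (Import-Csv .\mfa-targets.csv).UserPrincipalName
# Enable-MfaForUsers -UserPrincipalName $targets | Format-Table
```

The per-account result objects are deliberately pipeline-friendly, so the same run can be exported as a change record alongside the ticket that authorised the rollout.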

Notes from the Field

Some notes on how long access and refresh tokens stay valid under Modern Authentication. When a user successfully authenticates with Office 365, they are issued both an Access Token and a Refresh Token.

  • The Access Token is very short-lived and is valid for around 1 hour.
  • The Refresh Token is longer-lived and, in some cases, may be valid for up to 90 days if it is used frequently and the user hasn’t changed their password.
  • The Access Token is used to gain access to resources such as Exchange or SharePoint Online. When the Access Token expires, the Office client presents the Refresh Token to Azure AD and requests a new Access Token to use with the resource.
  • The default lifetime for a Refresh Token is 14 days (it expires 14 days after issue if not used).
  • Features such as Conditional Access policies may force users to sign in again even though the Refresh Token is still valid. Once the Refresh Token expires, users will need to sign in again.

SSO experience with Modern Authentication

Office provides users with Single Sign-On between applications. That means that after a user signs in to one Office application, that account is available in Excel, PowerPoint, etc.

However, accounts added to Outlook are not immediately available to the other Office applications. This is still the expected behavior with the updated authentication features.

Another good read: Managing Office 365 MFA Service Settings


3 Responses

  1. Jeffery Birks says:

    Interesting article.

  2. Donald Nattiah says:

    I really appreciate your help with my project!

  3. Willy says:

    Nice article! thanks for the info
