Forum Discussion
Where does "Require MFA for administrative roles" count come from?
- Apr 27, 2020
Thanks for the reply ChristianBergstrom!
The information you provided is great.
To delve deeper into my question, the recommendation is to use conditional access policies to manage MFA. We have followed the recommended setup and are seeing there are some admin accounts not registered.
I have 2 questions:
- Do conditional access policies update the Azure AD MFA state? (From my testing it does not appear to be the case.)
  - I have activated MFA on a global admin account, then went to Azure > users > MFA and found that the account states MFA is disabled. I then tried to log in with an incognito session that prompted for MFA.
- Is there a way to see which users do not have MFA set up (assuming that conditional access policies don't actually update the MFA dashboard in Azure)?
  - If this is the case, then would the recommendation be to go to the MFA dashboard in Azure and then manually set the MFA state to enforced for admin accounts?
    - AND if we do this, then will there be adverse effects with the Azure enforcement and conditional access policy?
Apologies for the long reply.
EvanTse I highly recommend the MS docs for your questions.
1. Enabling Azure Multi-Factor Authentication through a Conditional Access policy doesn't change the state of the user.
2. You shouldn't enable or enforce users if you're using Conditional Access policies. As for viewing user status I believe PowerShell is the way to go.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
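
The answer above points to PowerShell for viewing user status. The following is an added example, not part of the original thread or of the linked documentation. It lists every user holding a directory role together with the per-user MFA state and the number of registered MFA methods, so that admins covered only by Conditional Access (state `Disabled`) can still be checked for registration. It assumes the MSOnline module is installed and that the signed-in account can read roles and users.

```powershell
# Added example (not from the thread). Assumes the MSOnline module is installed.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in

$report = foreach ($role in Get-MsolRole) {
    # Role members can be users, groups or service principals; keep users only.
    $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
        Where-Object { $_.RoleMemberType -eq 'User' }

    foreach ($member in $members) {
        $user = Get-MsolUser -ObjectId $member.ObjectId

        # Per-user MFA state (Enabled / Enforced). It is empty when per-user MFA
        # is off, which is the expected value when MFA is required through a
        # Conditional Access policy instead.
        $state = $user.StrongAuthenticationRequirements.State
        if (-not $state) { $state = 'Disabled' }

        # Registered verification methods. Zero means the account has not
        # completed MFA registration, regardless of how MFA is required.
        $methods = @($user.StrongAuthenticationMethods)
        $default = ($methods | Where-Object { $_.IsDefault }).MethodType

        [pscustomobject]@{
            Role              = $role.Name
            UserPrincipalName = $user.UserPrincipalName
            PerUserMfaState   = $state
            MethodsRegistered = $methods.Count
            DefaultMethod     = $default
        }
    }
}

# Full view: one row per (role, user) pair.
$report | Sort-Object Role, UserPrincipalName | Format-Table -AutoSize

# Admin accounts with no MFA method registered at all.
$report | Where-Object { $_.MethodsRegistered -eq 0 } |
    Select-Object -Property UserPrincipalName, Role -Unique
```

A row with `PerUserMfaState` of `Disabled` and `MethodsRegistered` greater than zero matches the behaviour described in the thread: the account is registered and prompted through Conditional Access while the per-user state is unchanged.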
- EvanTse, Apr 27, 2020, Copper Contributor
ChristianBergstrom Thanks heaps for the extra information!