Our police department currently connects to the VPN, then connects to their various applications. Because of the nature of the information they pass, they must be on the VPN; however, we have been mandated to implement MFA at Windows login. We have ADFS, Cisco VPN... Any idea where to start or how to make this work?
I'm not an expert in this, but I don't believe there's a native way to do multi-factor authentication on Active Directory (Windows login). You'd need to look at a third-party solution (and there are many).
MFA for ADFS only secures login to web apps after the desktop login has been processed.
You can use a comprehensive VPN for Windows which provides a corporate solution as well. The most secure encryption level for secure and sensitive data transfer must be OpenVPN with AES 256-bit encryption. This has so far not been broken by any security agency. For more information on this, read the Best VPN for Windows.