My leadership is looking to roll out a new company policy that will forces shorter MFA duration times on specific users based on various criteria. Not looking for changes to persistent browser sessions or sign-in frequency. Just a way to set how long a specific user/group has before that are required to respond to another MFA challenge. 

I thought that any manual changes to MFA duration were tenant-wide. I know there are risk-based CA policies but we want to be able to manually set the duration instead of waiting for the system to flag them as "risky" -- risk-based CA policies have limited reporting capabilities without a Premium license anyway, so that's kind of a non-starter.  

I found this article that talks about changing session duration (not MFA duration) for select users but, again, this requires a P1/P2 license.

Am I totally incorrect with the "MFA duration is tenant-level only" idea? Just don't want to break the news to my leadership only to find out it was possible all along.