As mentioned, for the 14 day grace period to apply to users when registering for MFA, there are two ways to achieve this. One way would be to enable Security Defaults which would enable MFA for the entire tenant. This option does not need additional licenses and can be enabled from the AAD portal. For more information on SD, please refer to https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-d....