ADFS Login not being intercepted for MFA
If you are experiencing ADFS login attempts bypassing the Cloud MFA prompt then it is likely caused by a missing Access Control Policy. This article describes the steps to verify and correct the problem.
First, verify if there are any Access Control Policies that may apply to the effected credential.
Open the AD FS snap-in and open the Relaying Party Trusts folder and elect Microsoft Office 365 Identity Platform and then in the right hand panel click Edit Access Control Policy ...
For each relevant Access Control Policy, ensure that MFA is a requirement. The default recommended policy is "Permit everyone and require MFA", however you can also specify a custom policy if required.
After this policy is set, the effected user should now be prompted for MFA.