Please help me to understand
I am currently studying the "Azure MFA". After reading the below article I am assuming that if any of the license acquired like office365 then the person can use it for internal infrastructure as well with no extra cost. For example MFA can be use for windows login or MFA can be use for vpn dialer or MFA can be use for accessing remote desktop/terminal services with no additional cost.
https://azure.microsoft.com/en-us/pricing/details/active-directory/