Verbiage on the below link seems to imply Azure AD Connect is a requirement (prerequisite) to enable MFA in Azure AD if using "Hybrid identity scenarios". We use AD DS on-premises and Azure AD for Microsoft 365 resources. We want to continue in the same configuration (separate passwords, not synced), and enable MFA for Azure AD. What are the pitfalls of enabling MFA and bypassing Azure AD Connect?