I have been trying to clarify about MFA license requirement for applications (both SAAS and on-premise) federated in ADFS. We use Azure MFA in our ADFS farm. Based on the link below, MFA for on-premise applications does require either P1 and P2 license. MFA works fine in ADFS even if we didn't assign a P1 license to the user for those applications. So my question is if P1 is needed but Azure just doesn't check it or it is not a requirement unless users are authenticate through application proxy in Azure AD.
Thank you.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing