@Tim Richards Could you please run Get-MsolUser -UserPrincipalName username@your_tenant.onmicrosoft.com | select strongauthentication*
and confirm if StrongAuthenticationMethods attribute is empty or not. If this attribute has some value, that means there are one or more methods stored for user account to perform MFA.
To clear the StrongAuthenticationMethods attribute use below cmdlet:
Set-MsolUser -UserPrincipalName username@your_tenant.onmicrosoft.com -StrongAuthenticationMethods @()
Once the above cmd is executed successfully, go to https;//aka.ms/mfasetup and sign-in with that user account. User will get "More information required" page and he can set MFA for his account.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.