MFA is a security tool that verifies a users identity by requiring 2 or more layers of authentication before granting the user access.
MFA is an effective way to provide enhanced security in a world where passwords are increasingly easy to compromise by cyber criminals using methods such as brute force or phishing.
If a users credentials are obtained by a cyber criminal and you have MFA in place, they will not be able to access your systems until the access is granted through a second layer of authentication, such as providing authorisation through an application on your phone. The user is therefore not only able to decline the access, but it would have notified them to someone else is trying to access their account which gives them the opportunity to change their passwords and make their network administrators aware of the potential breach.
MFA is a free tool provided by Microsoft for all their Office 365 subscriptions, which gives you the basic functions required to protect all your users credentials. We always recommend enabling this feature by default to avoid any potential data breaches.
If you are after more advanced features such as setting Safe Sites or if you want to have 1x MFA tool for all your services (RDS, Office 365 + Various other online services) then you can use a 3rd party tool such a Duo.