We've been planning to do this for years, and I've been a little surprised that no one ever asked for it. Once MSIX implemented it, I thought, "Any day now." But it still took a while for someone to make the request. But finally Tennessee did, and we've begun rolling it out. It's nothing fancy, but works pretty much just like it does in MSIX. Just go to "Your Account" and click the "Use MFA" checkbox:
You'll then be shown a QR code that you should be able to use with any standard authenticator app on your phone:
Just snap a picture of it, enter a test code along with your password near the top of the page, click Save, and that's it. You're now using MFA!
For administrators who'd like to require this in their state, we can configure the system to let users know that it's going to be required in the future. They'll be shown a banner every time they log in like this:
When the day arrives, any user who logs in and hasn't yet set up MFA will be taken directly to the My Account page to set it up.
If you don't see this in your current release, you'll see it in your next one.