Managing external identities to enable secure access for partners, customers, and other non-employees
@itscoolicanchangethislaterright-6283
You are right, we cannot enable MFA using Profile Editing policy. But, if authentication phone is already configured on User Account, user gets prompted for MFA otherwise there will not be any MFA prompt. However, the customization options should have been there to provide same look and feel for entire flow. This definitely seems like an oversight. I would suggest you to post this at feedback.azure.com.
Workaround:
The only workaround in this case would be to use custom policy. In TrustFrameworkBase.xml, you can specify the URL of your custom html under content definition for api.phonefactor at LoadUri parameter as highlighted below:
Now if the RP files such as SignuporSignin.xml or PassworReset.xml or ProfileEdit.xml chain up to the above TrustFrameworkBase.xml file, same MFA page will be provided.
-----------------------------------------------------------------------------------------------------------
Please "Accept as answer" wherever the information provided helps you to help others in the community.