Hello Louai,
I'd recommend enabled security defaults:
And enforce:
Require all users to register for Azure AD Multi-Factor Authentication
You can also do this via Conditional Access Policy:
Common Conditional Access policy: Require MFA for all users
If this is helpful please accept answer.