Hello @Anonymous , yes you can limit/control what Azure AD users get to log into AWS Identity Center . MFA is free to user under the per user model and Security Defaults but requires paid licensing under Conditional Access.
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.