You would need to create or modify the conditional access policy for MFA and exempt those users either explicitly (one by one) or via a group (AD or Azure AD) and add your wayward users there.
I recommend the group option as its easier for IT/security admins to audit without having to explicitly go to the CA policy each time.
From a cybersecurity perspective, typically you would not want to exclude anyone from MFA but if there's a justified reason approved by your security team, you should tailor the CA policy to exact who, where and what they are.