@Will Weston Thank you for reaching out to us. As I understand it, you want to achieve an MFA prompt after entering the password for the users at the logon screen.
In the past we used to have this option; currently, on-premise MFA server is not available for new deployments - https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-migrate-mfa-server-to-azure-mfa
If it's a hybrid environment and you want Password + MFA when you RDP to the clients, in that case you can leverage the NPS extension with Azure MFA. Also, RDS infra with Azure MFA. https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-nps-extension-rdg https://learn.microsoft.com/azure/active-directory/authentication/howto-mfa-nps-extension
For interactive logon, if you are looking for MFA along with the password, then I would recommend going with the Windows Hello for Business approach; it replaces passwords with strong two-factor authentication on devices. This authentication consists of a type of user credential that is tied to a device and uses a biometric or PIN.
Refer to this https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview for more information related to Windows Hello for Business/deployment models, which you can choose based on your current infrastructure.
Also, I would recommend reading this: "Is Windows Hello for Business considered multi-factor authentication?" The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources.
Let me know if you have any further questions; feel free to post back.
Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.