Hello, Enable remote access to SharePoint with Azure AD Application Proxy details how to protect your on premise Sharepoint with Azure AD, Azure AD Connect and application proxy, however it requires Windows Integrated Authentication (which relies on Kerberos tickets) and does not support Forms authentication which relies on cookies.
In order to get MFA displayed or requested you have to first input your credentials, you cannot replace this with a security token of any kind.
Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.