Thanks @Pierre Audonnet - MSFT and @Jitendra Rai for your help.
I've resolved my issue creating following two rules:
1 - get samAccountName
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> add(store = "Active Directory", types = ("temp:claim/sam"), query = "(&(objectCategory=person)(objectClass=user)(userPrincipalName={0}));samaccountname;contoso\random", param = c.Value);
2 - Issue Windows Account Name
c:[Type == "temp:claim/sam"]
=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value = "contoso\" + c.Value);
@Pierre Audonnet - MSFT , yes, you're right. I'm sorry if I haven't been very clear.
Not sure I understand your question about why I don't use my MFA provider direclty in ADFS.
The big picture is that I would like to grant access to Azure portal or to Office 365 through this 3rd party MFA / IdP ( biometrical recognizition) but Azure AD doesn't support this 3rd party . This is why I'm using ADFS. Have I answered to your question ?