Hi @Blakey, Gregory ,
I think I commented on this issue in the other thread, but if you have a conditional access policy enforcing MFA, then the users will need to pass the MFA request and register (and won't get the 14-day grace period option). If you don't have a policy like that configured, enabling security defaults will trigger a 14 day grace period for registration after a user's first login and security defaults being enabled.
Conditional Access by itself without Azure Identity Protection does not allow for the 14 day grace period and a conditional access policy requiring MFA will overwrite the grace period exception.