@MCalicchia
Thank you for your post!
Based off your issue, I found some answers posted by my colleagues that should help point you in the right direction when it comes to enforcing users to sign up for MFA.
GitHub Issue #39539 - 14-day grace period:
Security Defaults is something that an organization would do when they know they are going to roll out MFA in the near future. This allows them to get their users registered with minimal discomfort. If you enable a Conditional Access Policy that requires a user to perform MFA, and enable the Azure Identity Protection Sign-in risk policy, users will immediately be required to register and will not be able to bypass the 14-day grace period. This is because the policy now requires users to be registered to use MFA. This, unlike the registration policy, will block users from continuing until they have completed registration.
I hope this helps!
Additional Links:
14-day period (Unified Multi-Factor Authentication registration) #43034
Disable MFA 14 day grace period?
What is Identity Protection?
Enable sign-in risk policy for MFA
Configure the conditions for multi-factor authentication
Building a Conditional Access policy
If you have any feedback regarding the Security Defaults feature, or would like a new feature to be implemented, I'd recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into this.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
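
A Conditional Access policy of the kind the answer above describes (MFA required for all users) can be created with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original answer; the display name and the excluded emergency-access account ID are placeholders, and the policy is created in report-only mode so its effect can be reviewed before it is enforced.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.SignIns module
# and an account allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All'

# Placeholder: object ID of an emergency-access ("break-glass") account
# that stays outside the policy so an MFA outage cannot lock out every admin.
$breakGlassId = '<BREAK-GLASS-ACCOUNT-OBJECT-ID>'

$policy = @{
    displayName = 'Require MFA for all users (example)'   # assumed name
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications   = @{
            includeApplications = @('All')
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')   # grant access only after MFA is satisfied
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Once the report-only results in the sign-in logs look right, enforce the policy.
# From that point, users who have not registered for MFA must register
# before they can complete sign-in.
# Update-MgIdentityConditionalAccessPolicy `
#     -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```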