my thought and with using ADFS with it we can easily integrate MFA tied to the ADFS portion for the Auth to make it more secure.
But if using MFA with that method I would recommend using FIDO2 | FIDO U2F hardware based keys as the auth app method can be by passed now a days.