This seems to be an all or nothing approach which does not suit us at all.
It is not clear how will it affect the Secure Gateway Server which requires a log on to MEDC and is the only local MEDC account we use.
To manage MEDC we use 3 individual local AD accounts with elevated privileges which do not have email addresses associated (outside of MEDC) with them or any rights under Azure/365.
Our normal day to day 365/mail accounts do not have admin privileges or admin access to MEDC and already have MFA usually via MS Authenticator.
We would also prefer not to switch this on for all admins at once as we could potentially lose access to MEDC.
Is this configurable on a per user basis?
Re. "Please enable TFA in 9 days or access to the product console will be restricted." what exactly will be restricted as we cannot immediately enable your implementation of 2FA without reassigning admin roles to our "day to day" accounts.