MFA not showing on M1 Macbook Airs

MFA not showing on M1 Macbook Airs

We have started rolling out MFA on domain-bound Macbook Airs and have been installing the ADSSP logon agent and setting the parameters in the config.plist file but after a few days of working correctly it will stop asking for MFA requests and allow the user to sign straight into their machine. We can fix this by uninstalling and reinstalling the agent and would like to know if we have something set wrong in the config file. Having the user log out and or restart does not seem to resolve this either. 

The config.plsit changes were offline MFA, Login MFA, and restrict badcert. 

                  New to ADSelfService Plus?