I am using MFA for certain users, using it in Web Admin Console, SSL VPN and User portal in which there is no way to disable it.
However I would not want to require MFA for web authentication, for example, an unknown user is directed to the web portal…