As much as I've been able to read, this explains how to set up AD<->O365 SSO. So far so good. I've been asked to set up Multi-Factor Authentication of the type "Time-based One-time Password" for both O365 and AD.
How I see my end goal is:
1. An app for people's smartphones (with the possibility of an SMS) for MFA.
2. I also expect some sort of centrally managed application which is installed only once and not on each person's PC, or is not installed but managed in the cloud.
How would I go about achieving this goal?