Configure and enable Conditional Access for Microsoft 365
https://entra.microsoft.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade/
Specify the dynamic group to which the policy will be applied.
Specify All Cloud Apps in the policy scope.
Specify Browser and Mobile Apps and Desktop Clients in the policy scope.
Specify the MFA requirement condition.
Save.