Hello @avivmam welcome to the community!
Can you confirm what you mean by a user that has MFA enabled? The fact that tokens are being returned here leads me to believe that MFA has not been enabled on your tenant and thus applications - I recommend taking a look at the following doc and confirming whether or not it’s been enabled:
Hope this helps!