Hey @andrew.bulford - welcome to the Auth0 Community!
Answering in the same order.
1.- Yes, MFA can be combined with any authentication method. Bear in mind that Pro MFA (TOTP MFA, Google Authenticator, Duo) is available with our Developer Pro plan, and Enterprise MFA (Push via Guardian, SMS and Email MFA) is available with our Enterprise plan. You might be looking into the Enterprise plan considering that it’s the only one that allows authentication from a legacy datastore (Custom DB) - our other plans only include migration into Auth0 from the legacy datastore.
2.- No - if you want to do this, you would have to do it from your application itself, and set it up there. It would then be MFA managed by you, and not by Auth0 anymore.
Hopefully this answers your questions - let me know if you have any additional ones!