When adding users to AD manually they usually do not automatically pick up the characteristics needed to allow them to register in Azure for using MFA with VPN.
Use this link to see if the user has registered with MFA. Note that the search is by FIRST NAME only. User registration details
The following are things to check if a user is unable to log in to set their MFA in Azure.
User is in LDAP-Users
Mainly this may impact consultants and Admin IDs. Move the user account into LDAP-Users if it is not there.
User Principal Name (In Azure)
Make sure that the name is their NazNet ID and that their domain is naz.edu
User Login Name (UserPrincipalName) in Active Directory
Again, make sure that the login name is the same as the NazNetID or samAccountName and that the domain is naz.edu