XFA can be used as a factor through the External Authentication Methods functionality in Microsoft EntraID. This allows XFA to be seamlessly added to any application from within the Microsoft EntraID admin dashboard, given that it uses EntraID as the identity provider.
When a user authenticates with EntraID, as an additional factor after supplying a username & password, the user is redirected to XFA to verify that the device is compliant with the device security policy before authenticating the user. This assures that only devices that comply with the security policy are allowed access.