It is recommended to use Multi-Factor Authentication (MFA) to enhance user protection.
MFA is primarily triggered either by per-user settings or Conditional Access (CA) policies. You can find instructions for checking MFA status and configuration per user in the documentation below [1].
Login activity logs can be reviewed in the documentation below [2], which also includes information on whether MFA was used.
[1] Use Multi-Factor Authentication per user
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates#view-the-status-for-a-user
[2] Sign-in logs
https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins#view-the-sign-ins-log