MFA status is enforced at the group level in GitLab. It can also be enforced independently for subgroups if the "Allow subgroups to set up their own two-factor authentication rules" option is selected.
1. Select a group (or subgroup!) from your dashboard.
2. Go to your group's settings in the sidebar, scroll to "Permissions, LFS, 2FA", and click "Expand". Check the "Require all users in this group to setup two-factor authentication" box.
3. See this GitLab article for more details.