You can nudge users to set up Microsoft Authenticator during sign-in. Users will go through their regular sign-in, perform multifactor authentication as usual, and then be prompted to set up Microsoft Authenticator. In addition to choosing who can be nudged, you can define how many days a user can postpone, or "snooze", the nudge.
When talking about security in terms of Azure Active Directory, you can't get around Conditional Access. Conditional Access brings signals together, to make decisions, and enforce organizational policies.