At present, the MFA status (enabled/disabled) of a user is not returned via UI or REST API, so there is no way for the admin to know whether the user has enabled it or not. While the CSV export for managed accounts provides this information, this is not possible with unmanaged accounts. 

It would add value if the current GET user endpoint supported this property.