Dynamic Group Containing only MFA-enrolled users

I have a conditional access policy that prevents login outside of specific networks ( ie., physical offices ).

I want to exclude users from that policy who have MFA-enabled on their accounts. In other words:

No MFA setup yet = no access outside building

MFA setup = access

I have been digging a bit and am not seeing a way to create a dynamic group containing MFA-enabled users.

Is this possible and if so, how?