I would, it's pretty trivial (I have done it for multiple organizations of different sizes/technical competencies). Especially for something like a VPN; at this point if you use a VPN solution which doesn't support MFA it almost certainly has other security issues as well.