I have MFA enabled. Is that an acceptable resolution to the vulnerabilities highlighted in the report?

Multi-factor authentication (MFA) mitigates the issue but does not resolve it.

Having MFA enabled is not the same as having MFA enforced for anyone accessing the service. MFA should be enforced for all users until the service is removed.

KYND always recommends that even ports protected by MFA are placed behind a firewall or VPN to prevent them being externally visible. Any externally visible port that looks like it may accept connections can induce a threat actor to explore your attack surface.