I am a strong proponent of two-factor authentication, but the worrying thing is the way it’s being advertised or pushed as a holy grail of security. The weakest link is still the person using the service or device, and if they continue to use weak passwords, then it just becomes a matter of losing your token device or mobile.
When enabling two-factor authentication, users must still be advised to set up secure passwords at least 10 characters long, containing letters, numerals and special characters.
It’s a good thing that Microsoft is building two-factor authentication directly into the OS, and it will help IT administrators to better manage and protect the devices in their network.
See the link below for more detail about the implementation of two-factor authentication in Windows 10.