When a Passly tenant is created we build your Default Policy to allow all users to use 2FA.
If you want the original default policy to use 2FA on first login once every 30 days you need to modify the Default Policy in the Policy Manager.
For example when your Passly tenant is created you will see a policy like this.
If an Administrator changes your policy to reflect as below displays to allow for devices to be trusted when using 2FA.