Yes. In our testing of MFA using MS Authenticator this was the case. At this time I don't know if there is a resolution to this issue. Deeper investigation into our setup showed that MS NPS (RADIUS server) could not take into account any previous session information. So users saw Authenticator prompts every time the VPN client connected to a Secondary Gateway.
I think mileage may vary depending on the RADIUS server implementation, as I know that some RADIUS implementations can account for existing sessions and then bypass the MFA request.
It would be great if CP could let us know what, if anything, is on the roadmap for this MFA use case. I would certainly welcome a resolution.