AnyConnect is on the roadmap, soon you can try it on a beta release. I don't know any option at the moment where you can do MFA. Maybe if you have a NAC-solution, like ISE, where you can call another authentication system like DUO for a response.
I used the native Windows client VPN.I have not seen the option of using AnyConnect with Meraki MX..are you saying that is now a new option available as I know it's been requested many a time but never came through. Your link redirects to a login I don't have access to.
I believe there are other options aside from the Microsoft Authenticator App such as text message etc. and that is configured within O365/Azure AD.
Yes I definitely increased the radius timeout to 60 secs as I believe the default is something like 5 secs, 3 times so 15 secs total. Support must be on the phone to do so btw, cannot be completed via email/case comments.