As per your requirement you can use forticlient VPN and use Fortitoken as 2MFA for the Dial-up VPN connection for local users. Kindly confirm the users trying to connect via windows(built-in) VPN are remote LDAP/Radius users or the local users configured on the firewall.
I would like to inform you, when I tried to connect vpn from my laptop during this time fortigate is sending the token to configured email-id when I checked firewall logs, but I'm not getting any token (OTP) on my email when I checked.
I have configured following things -
#config user local edit test set type password set two-factor email set email-to firstname.lastname@example.org set passwd test123 next end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.