Do you have your app configured with its own MFA policy (Authentication Policies in OIE)?
In your other Okta tenants, I imagine the difference is that the MFA requirement is set at the Global Session Policy level. When you make a request to /authn, only the policies related to Global Session Policy will be evaluated.
If you instead have the Global Session Policy set to only require username and password and then the application’s policy (configured on the Application → Sign On tab in Okta Classic, but as an Authentication Policy in Identity Engine) is the one set to prompt for an additional factor, then that would explain why you see it when trying to use the sessionToken (which only proved that username/password auth was completed) to log into a given application.
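The distinction described above can be turned into a small troubleshooting check. This is an added example, not part of the original post and not Okta code: it reads the `status` of a recorded `/authn` response together with whether the later application sign-in prompted for a factor. The function name, return labels and sample bodies are constructed for illustration.

```python
import json

# Constructed sample bodies shaped like /authn responses (placeholder values).
SAMPLE_PRIMARY_ONLY = json.dumps(
    {"status": "SUCCESS", "sessionToken": "CONSTRUCTED-SESSION-TOKEN"}
)
SAMPLE_GLOBAL_MFA = json.dumps({
    "status": "MFA_REQUIRED",
    "stateToken": "CONSTRUCTED-STATE-TOKEN",
    "_embedded": {"factors": [{"factorType": "push"}]},
})


def diagnose(authn_body: str, app_prompted_for_factor: bool) -> str:
    """Say which policy layer is asking for the additional factor.

    authn_body: JSON body returned by the primary /authn call.
    app_prompted_for_factor: whether exchanging the sessionToken for an
        application sign-in led to a factor prompt (observed by the tester).
    """
    resp = json.loads(authn_body)
    status = resp.get("status")

    if status == "MFA_REQUIRED":
        # /authn itself stopped for a factor, so the requirement was
        # evaluated at the Global Session Policy level.
        return "global_session_policy"

    if status == "SUCCESS":
        if not resp.get("sessionToken"):
            return "unexpected_response"
        # The sessionToken only proves username/password was completed.
        # A prompt at app sign-in therefore comes from the app's own policy.
        if app_prompted_for_factor:
            return "app_policy"
        return "no_mfa_on_this_path"

    # Other statuses (enrollment, lockout, ...) are out of scope here.
    return "unhandled_status:" + str(status)


if __name__ == "__main__":
    print(diagnose(SAMPLE_PRIMARY_ONLY, app_prompted_for_factor=True))
    print(diagnose(SAMPLE_GLOBAL_MFA, app_prompted_for_factor=False))
```

A result of `no_mfa_on_this_path` is worth reviewing when the application is expected to require a second factor.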