Migrating Legacy MFA & SSPR to Authentication Methods Policy for Microsoft Entra ID

You can migrate Microsoft Entra ID legacy policy settings that separately control multifactor authentication and self-service password reset (SSPR) to unified management with the Authentication methods policy. You migrate policy settings on your own schedule, and the process is fully reversible. You can continue to use tenant-wide MFA and SSPR policies while you configure authentication methods more precisely for users and groups in the Authentication methods policy. You complete the migration whenever you're ready to manage all authentication methods together in the Authentication methods policy. https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-authentication-methods-manage If the migration didnt succeed after you disable the legacy authentication methods options, you can try to disable " Allow users to create app passwords to sign in to non-browser apps" in MFA configuration, and put as do not allow temporary