• There is ONE MORE place where you need to look – Azure AD Identity Protection. There is a company-wide MFA setting there that will force your users to go through MFA.
    Azure AD > Security > Identity Protection > MFA Registration Policy

  • While at it, reset passwords to password123. Who needs security right?
    Recommend people keep security defaults unless they using conditional rules which been setup proper. Best asking MS for help that disabling what protects the tenant.

  • >