DTunes - To answer your questions:
- Previously registered MFA methods from the old MFA page will work for both MFA and SSPR (provided that the MFA method is also allowed by the SSPR policy). This is because the password reset flow only uses the data. However, previously registered SSPR methods from the old SSPR page will not work for MFA (even if the SSPR methods is allowed by the MFA policy). This is because MFA relies on data + strong auth methods and the SSPR registration page does not set strong auth methods.
- Nope. Methods registered from converged registration can be used for both MFA and SSPR provided that those methods are enabled in the corresponding MFA or SSPR policy.
- The re-confirm feature triggers an SSPR interrupt. We only pull the user’s registered SSPR security info on any SSPR interrupt (first time or rec-confirm). So, if they were to use this configuration, the user might not see all their previously registered security info when the reconfirm interrupt kicks in.
Microsoft