robynhicock,
It is super disappointed we are still waiting for this. We do not want to use SMS. Ideally Questions or Mobile OTP/Push. I get the reason why (not enough people have moved to the new experience) but why haven't you just forced the new experience. Other MS teams are moving my cheese all the time, this one seem so basic, the new experience is far better, why not force it on all tenants? To my knowledge you don't lose anything going to the new UI. Previews should last 6 months not 6 years lol... In the time we have been waiting for the "You must enable another method to use mobile app or hardware token code" restriction to go away the world actually changed, SMS is no longer considered safe and true Passwordless is around the corner.
As a side note have you thought about how Temporary Access Pass plays into this? We are starting to think the ideal password reset workflow doesn't involve security questions at all (which also can suck pretty bad) but instead helpdesk or manager generating TAPs then users use that to use password reset tooling. Hopefully you are thinking about that and hopefully the turnaround for that wont be measured in years.