@LibraryITGuy   I found the Password Reset was "selected" to all users in our company, maybe it causes the MFA prompts even if it shows Disabled in the M365 admin portal. The security default is disabled.

Another issue is, if the user lost his mobile phone and need to reset MFA, where should I reset it ?  Usually, I set it in the M365 MFA portal ->Manage user settings-> ticked all the three selections, and then save.   

" Require selected users to provide contact methods again

  Delete all existing app passwords generated by the selected users

  Restore multi-factor authentication on all remembered devices "

But now I got the error: 

"MFA methods can’t be removed for the currently signed-in user account. Please visit https://aka.ms/mysecurityinfo for self operations."  The url redirects to my account profile->security info.   I know that I can delete the MFAed device, while if I already lost my mobile phone, how can I login to my account to do that by myself?

@Germaum thank you a lot! Worked perfectly.

@LibraryITGuy- this was a great help, I was going crazy with this login loop issue, I'm an admin as well as a user so I think since I was set for MFA automatically (?) this started acting up as soon as I migrated to Win 11 for some reason. Removing MFA on my login made no difference until I tried your solution.

Anyone trying this solution be aware it can take quite a few minutes to take effect.