A new setting for Azure AD conditional access policies allows organizations to dictate the authentication strength of accepted connections. This is part of a Microsoft effort to move MFA-enabled Azure AD accounts away from the relatively insecure SMS-based challenges to methods that are less susceptible to attack.

https://office365itpros.com/2022/10/10/authentication-strength-ca-policies/