One of the prerequisites listed there is: "Users can't have already set up the Authenticator app for push notifications on their account." - if that's the case, should we just delete the authentication method and start again?
1. Remove old MFA config (set users to disabled, or remove StrongAuthenticationRequirements using power shell) 2. Deploy Conditional Access policy 3. Enable Authentication Methods in Azure (e.g. Microsoft Authenticator)
