I was wondering if there is a way to allow tenant users, on their own, to set up Passwordless using MS Authenticator AND set the account in a way that it's always enforce Passwordless or password+MFA?
We are encouraging users to set up Passwordless when they're ready, and when they have done so, we want them to always use Passwordless or password+MFA to sign in to AAD.
Is there a way to accomplish this? -- So far we need admin to enforce MFA on Microsoft 365 portal. Something impractical for organization with thousands of users.