We recently attempted to migrate our MFA and SSPR policy settings to the Authentication methods policy for Azure AD as described below.
https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-authentication-methods-manage
After the migration, users were able to log in. However, we did notice that our Global Administrators (which are unlicensed) could not login. The methods that are enabled are Microsoft Authenticator, Third-party software OAUTH tokens, and Email OTP. The global administrators are using a 3rd party OATH solution and have Email OTP setup for SSPR.
After marking the migration as complete, the following started happening to our Global Administrator accounts. When logging in, we would enter in username and password. After this, it would bring us to the More Information Required page. We would click Next which would bring us to the mysignins.microsoft.com page where it asks to confirm your authentication methods. It showed both Authenticator and Email OTP as configured, said everything was setup correctly and we clicked Next. This would bring us back to the page saying More Information Required page and it kept looping.
After researching, I did stumble across the below article. It appears there was possibly a bug at one point that prevented Global Administrators from signing in if they didn't have a phone-based authentication method setup. This appears to only have been an issue if security defaults were enabled which is not the case for us. Can it be confirmed if the reason for my issues was because I don't have a phone-based authentication method for the global administrators or if it is something else? I don't want to risk trying this again and go through the huge headache of getting back into our account unless I am pretty sure it is going to work.
https://learn.microsoft.com/en-us/answers/questions/950942/guests-with-global-admin-can-not-login-to-azure-po