For Multi-factor Authentication to be effective, you also need to block legacy authentication. There’s no point in setting up MFA if people can simply use other means of authentication to bypass it.
The following is a critical step-by-step guide to blocking legacy authentication in your organization through the use of legacy authentication reporting, Azure AD Conditional Access, & disabling legacy authentication in your services.
- INFO: New tools to block legacy authentication in your organization
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302