I'm trying to set up MFA for my users. At some point I thought I read something that indicated my users needed business premium accounts to enforce MFA. So I got a few, but then I found out that the O365 admin center allows me to enable and disable MFA per user with something called "Legacy MFA". Then I read that, according to Microsoft Docs, I should turn off Legacy MFA and turn on Security Defaults in Azure AD. Why? What's the difference? Then I read security defaults are not recommended for those with business premium accounts. Why?
All I want is a solid MFA protocol that secures my users but doesn't make it too difficult to sign in. Should I just stick with business standard accounts and use legacy MFA in O365?
