Microsoft and Google forced organizations that were using their services to upgrade to 2FA over a few years. For a short bit it was optional, after that it's basically not possible to use these services without 2FA. Now even many grandmas are familiar with the idea that sometimes you have to copy a code from your sms to a website when logging into your bank account.

They could have done the same thing with passwords. They have 100s of millions of organizational users, who will do whatever corporate IT tells them to do. Microsoft can say, there is a password manager available on Windows. From now on, organizational users must use 100 entropy bit passwords. IT tells users - users must store passwords in the password manager and use the browser extension.

After three years of users resisting, everyone will give in. Same for university students, who will need it. After that the rest will adopt easily because it is the default thing to do.