Understood. As far as I know there’s no way at this time to apply a bulk change in a way that would be convenient. I’d suggest leaving a feature request at Auth0: Secure access for everyone. But not just anyone..
If you user community is very active (high MUA to total user ratio) you could put the above logic into a rule and let the change take place over time, then clean up the stragglers which limits the bulk changes you need to make.
If you user community is less active (low MUA : total user ratio) then the only option is leveraging the API and some scripting to work through you user base. Obviously not ideal but not impossible: with ~3 million users that’s a script running for about 60 hours (/users endpoint rate limit is 15rps in production).