Not true. Work at an MSP that has hundreds of Microsoft accounts in our password managers with TOTP. We even migrated password managers and had no issues with TOTP.
That said, we are moving away from shared admin accounts and we will have delegated access enabled with JIT for better security soon.
This can be configured for the Microsoft tenant. The admin can allow all possible MFA vectors or restrict it to just a single one such as the Microsoft Authenticator. Microsoft themselves are also pushing the Authenticator, which is actually fine. I haven’t done any packet captures to see what it is sending back to Redmond, but the most secure method is great. The service you are logging into generates a two-digit number that you must enter when prompted in the Authenticator app.
Still, I’ve seen issues arise when an employee only has a flip phone or flat out refuses to install any app required for work on their personal devices. IT departments will typically fold to pressure and allow a call or text for MFA because they did not want to buy, configure, and send out phones to employees refused.
I’ve also seen IT send a company phone to a specific user that refused to allow Microsoft to have their phone number for calls or texts too. Legal told them they could not require the employee to use their personal property or reveal personal details to Microsoft in order to work.
Not prosecuting a ex-President for literally trying to both violently and by subterfuge overturn a lawful, democratic election while in office by a position that is literally sworn to preserve, protect, and defend the Constitution would officially make America a joke.
Other democracies can uphold their own laws even when the highest official of the land violates their oath of office. If we do not, the idea of America as a democracy is officially dead.
If Trump wins in 2024 there won’t be a 2028 election, or at least a not a real one.
When you start the MFA registration process for a Microsoft account and select the Authenticator as the method there is a link at the bottom of the page about using a different app. Sure it will only generate a rotating code instead of the “easier” method of just entering a 2 digit number when prompted on the phone, but entering 6 numbers isn’t that much more difficult than 2.