Implement the "pick a number" model for password-based Azure MFA
Implement the "pick a number" model for the standard (non-passwordless/phone sign-in) Azure MFA workflow. Users get in the habit of hitting approve/deny and could easily mistakenly (or be tricked into) hitting approve. The pick a number method at least requires some coordination between the person logging in and the person holding the phone.
Should also provide additional details in the MS Authenticator app regarding the authentication attempt. Geo source of the attempt at a minimum would be helpful - similar to Apple's MFA that shows a map of the location.