Azure MFA needs anti-phishing features such as include location details and notification to users about new devices
Users can sometimes approve MFA notifications on their device because they do not know whether it is their device authenticating or a hacker who has phished their credentials. Therefore, to help users know why they are being asked to accept authentication include additional details such as the application name, IP address and location in the MFA prompt. Apple includes the location and a map of the location in their own two-factor implementation.
Additionally, users should be notified with an email any time a new device is used to authenticate to their account.