Yeah thanks, I found that I could disable it by disabling the entire authenticator app (Still 2fa with other email/sms.), but there seems to be no way to have it so you need to enter a password for the prompt to appear though. And regarding convenience see the end of my other comment about steam. It's doable without sacrificing significant security.

Right, what is described in that link is reasonable, none of those seem to have a reasonable chance of accidental approval (Even so I wouldn't want for them to appear without me entering my password.), but that's not what I got, while I doubt I personally would accidentally approve the 3 number one I got I can easily imagine someone doing it.

This kind of thing is what I got. https://janbakker.tech/number-matching-with-microsoft-authenticator-app-in-azure-mfa/ in the picture on that site it's also one fat-finger from granting access to an attacker should it have been someone else. EDIT: To be fair this is 2 clicks on what I get, doesn't change much though.

Also about the far away IP thing. I get this everywhere I try to log in, I tried my main PC and a separate PC on VPN in 3 different locations, not once did I have to enter my password for the prompt to appear on my phone.

I was gonna say, contrast this to Steam where I have to enter my username and password and only then get prompted to enter a 6 digit code from the phone on the PC where I want to log in. But they seem to have done away with the code for convenience (I assume) as well, anyway it's still better because I have to enter my password for the prompt to appear so I know that if it does appear my password is compromised (What I assumed had happened for my email.). Add to this that steam also has a QR code you can scan with your phone for instant login without entering your pass or username so they win on convenience anyway.