MicrosoftIt is not appropriate for Outlook to be handling authentication prompts.
The domain of Outlook is messages (mail and Teams chat), calendar, and tasks. Each of those is hard enough, especially with the embedded elements of html messaging, and various protocol parsing, e.g. iCal.
Password-less authentication, TOTP, as well as credential synchronization are the domain of Microsoft Authenticator. A few things it does very reasonably well.
Different threat models, different analysis and coding skills, different consequences in case of failure, different update cycles and deferral priorities. Just because one may receive SMS codes in an SMS app or one-time codes in email, doesn't make either of those a security first tool like a password vault. I can defer a mail client update depending on known issue impact. Much different evaluation for authentication tools.
Better to figure out a way for Outlook to safely invoke any separate authenticator and provide a policy to turn this flawed idea off.
Promoting password-less auth is good. This way is not.
