I've set up the use of Azure MFA for our organization using the Conditional Access Policies. We tested this to ensure it works as expected with a handful of users, and are planning to roll it out more widely as we simultaneously roll out MDM using Intune.

I have a couple users who have been using the Authenticator app to validate their logins, and they've been getting the Approve/Deny prompt. However, now that we've enrolled their phones in Intune, they are instead getting a 'choose the matching number' prompt instead. 

We are not configured for Passwordless login (it's on the list to look into, but we're just not there yet), so I know that's not it, and these are the same users who were getting just the approval request before. Is this expected behavior once their phone is in Intune, or can anyone tell me if there something else that might cause this issue?