by 63stack 1113 days ago
Does anyone know what's the intention in doing this? The default behavior of OTP was afaik always to generate a code on the second device, and input that into the device you are trying to log in with.

I assume Microsoft felt the need to dumb this down so it's easier to just approve it with a click of a button, then after they realized this is bad (which pretty much anyone with a bit of security experience predicted), they now changed this to "input code on second device", instead of just reverting to the default behavior.

Why?

1 comments

All of these are options that your company chooses from. It's possible to have it just show an approve button, to have it show a selection of 3 numbers, or to show the number entry box. Whether or not you are prompted for your password on the device you're logging into is also a decision that your company makes.