Just read through most of this. Seems like there’s no full way to replace Microsoft Authenticator without going to relative extremes.
This is probably the one barrier I can’t (so far) work around as my company also uses Microsoft to get on to its corporate login as well as now, the project I’m on using an absolute metric tonne of various Microsoft, O365 and AWS verifications.