Microsoft Authenticator, Librem 5, and Security

In my case, the app does not provide an unlock code. Instead, the app contains an in-app button, which itself fires back the message to Microsoft/Google to unlock.

Didn’t realize that, I thought it provided a code through this system that was visible to the user.

This sounds similar to Google’s 2FA with Android where if you try to sign into a Google account it won’t exactly send a code but will display 3 numbers and you have to tap the correct one on your Android device. I wonder if it uses a similar architecture :thinking:

That is quite frustrating, it is unfortunate that IT departments expect these sorts of things on personal devices or on personal networks. I do get that a lot of programs need Windows and users are used to Windows, but I am not sure I get the depth of the total investment of so many IT departments into Microsoft/Windows.

I do not have interest in further attempts to investigate the possibility of reverse engineering this thing.

Rather than the app/protocol I was more thinking Waydroid might have some sort of headless solution especially where a code is not displayed graphically, so the app could be run without modification just with less resources and maybe a few scripts/input replays could be used to interact with it. But I really wouldn’t want to put much more time into this either.

If you reverse their app and build a replica, they will do an update to kill your replica.

Yep