Why I don’t like links for 2FA into cloud environments…in other words, solutions that “rely on a code authentication flow to allow allowing users to sign into an application by typing an authorization code on a separate device like a smartphone or computer.”
https://www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks/