So my company decided to migrate office suite and email etc to Microsoft365. Whatever. But for 2FA login they decided to disable the option to choose "any authenticator" and force Microsoft Authenticator on the (private) phones of both employees and volunteers. Is there any valid reason why they would do this, like it's demonstrably safer? Or is this a battle I can pick to shield myself a little from MS?
There's no "battle" here. It's their phone, end of discussion. They don't need to justify to you or anyone what they do and do not want on it.
What you don't understand is that a worker does not need your permission or approval to exercise their right to control their personal property, and that right far exceeds any concerns about how easy the IT admin's job is.
Or is this a battle I can pick to shield my self from ms
Read the post before coming to the comments to reply.
OP is asking on here about whether or not to pick this battle and fight his company over it. Yes, you are probably technically correct that a company can't force you to install an authenticator app on your phone. However, that is a battle that you will have to fight with them that will accomplish essentially nothing if you win.
In Canada right now there is a major auto manufacturer that is being sued by the union over this very issue. It is a years long legal case that had to be escalated through the union, it's lawyers ,and now arbitration. Does that not sound like a battle to you?