Better information about source/system in OTP-sms:es and authenticator requests
Make it visible what system/source/purpose an OTP SMS or authenticator request is concerning.
The current solution does not state more than the source "Microsoft" and the OTP. It becomes hard to verify that the purpose of the OTP is legitimate.
As a reference you could look into Swedish Mobile Bank-ID where the name of the company or organization requesting verification is displayed as part of the request.