Microsoft can actually use TOTP, Push, or offline keys.

Which of them are available depends on what your company has configured.

If the push version is configured, it's possible it has also installed an MDM profile on your device. Avoid that, or your phone will get wiped when you leave the company in the future.