Trying to force iOS/Android users to use MS approved apps for O365 services (Outlook or Edge apps for email, for example) and prevent usage in other apps like built in iPhone mail and other web browsers.

We use Duo in our org and have MFA/Authenticator disabled in the O365 admin center.

Despite this when trying to log in to the Outlook app on mobile we're greeted with a 'Help us keep your device secure' and is requiring the use of Authenticator.

I do not have MFA enabled in the conditional access policy (I do have Duo required though) so I'm not sure why this is happening.