Comment by WorldMaker

I believe this is also a consequence of iOS gating background processing and scheduled timers allowed by an app based on whether or not notifications are enabled by the user. I believe Microsoft Authenticator also wants notifications enabled for the same reason most Banking apps on iOS want notifications enabled, so that it can register a ~10-minute background timer to run any backups, securely clear program memory, and safely "logout" from any active "session".

On the one hand it helps avoid "permissions fatigue" that the user just has the one permission to manage ("enable notifications"), but on the other hand it does lead to these questions about why an entire class of applications (banking apps and security apps) whose role should be mostly never to send notifications (because that can be a FUD/fear/fraud vector) need notifications enabled to work securely.