Here is the procedure I use when there's a mismatch/error when usingt an Authenticator:
1) In the cellphone Authenticator, remove the User's account.
2) Run ADSS Reports / Enrollment Reports / Enrolled Users Report
3) Checkbox the User. A Disenroll/Trashcan icon will appear at the top of the list. Click it.
4) Confirm that User is now in the ADSS Reports / Enrollment Reports / Not Enrolled Users Report
5) Log the User onto a computer. In the ADSS dialog, select the method to be used for MFA.
6) For Authenticators, a QR code appears. Scan it with the selected Authenticator in (5).
7) A new account for the User will appear in the Authenticator and present a code.
8) The computer dialog will request that code. Enter it. This will logon the User.
I wish there were a simpler method. At least THIS method doesn't require deleting the Authenticator which, if it has lots of accounts ..... Oh My!
Today I had this fail with Microsoft Authenticator so switched to Google Authenticator and was successful.
I wonder what that suggests....?