Multi Factor Authentication (MFA) - Why does the Microsoft Authenticator App allow you to approve a request without unlocking the device?
This article answer question about MFA app allowing you to approve without unlocking the device.
This is by design. Two-step verification requires proving two things – a thing you know, and a thing you have. The thing you know is the password. The thing you have is your phone (set up with the Microsoft Authenticator app and registered as an MFA proof.) Therefore, having the phone and approving the request meets the criteria for the second factor of authentication.