Azure AD has a PhoneAppNotification MFA mode, in which the mobile Microsoft Authenticator app is used. If the server is configured to do so, the user will need to input a code into the app. saml2aws supports this mode by displaying the code in the following message:

Phone approval required. Entropy is: 08

However, when running saml2aws with the --quiet flag, the message is suppressed, and the user has no way of knowing the code to input. This makes the PhoneAppNotification with entropy mode incompatible with --quiet.

Pull request: #1129

The PR was merged