That seems to me to be the key. Sounds like an inadvertent brush across the screen or some kind of spurious signal back from the app to the MS security server. Did you report the incident to Microsoft in some way to fully and completely explain what happened?
I’ve been using the MS Authenticator app and several other authentication apps for years for both personal and work use (in multi-million dollar projects) and never had anything like that kind of blatant wrong behavior from the app. And yes, once in a great while I get notice of someone trying to hijack an account and have always been able to deny the attack, even with iOS Face ID enabled.