My customer is implementing ManageEngine PAM360 for Privileged Access Management.
PAM360 can use Microsoft Authenticator for MFA, but only using One-time password codes, so no Azure MFA involved.
In odd cases, like offshore or in heavy concrete structures with no net, the phone running the Authenticator app won't be online, but only be used for getting the codes from. It seems to be working fine offline in short tests.
Not considering various app/OS updates for the phone, would this represent at problem at all?
Are there any restrictions to use the app this way? Completely offline for one-time password codes, for potentially months.
App / Phone OS updates will be performed on an ad-hoc basis, when someone from tech-support is around.