> Is no-one at Microsoft actually using their own Authenticator?

At most, I'd expect people to only use it for work, where Microsoft is the only issuer.

I also expect lots and lots of people to not use it.