It's not unreasonable for Microsoft Authenticator to request those permissions, but just because they can justify asking for them it doesn't nessesarily mean that you want Microsoft collecting that data, or any data, about what you're doing and when. One of the nice things about hardware tokens is that they keep third parties out of your business entirely.