Hardware tokens are an alternate method of MFA that can be assigned to a user.
The hardware token generates a six-digit code once a minute, similar to the Microsoft Authenticator app and can be used interchangeably with the Authenticator app code once assigned to a user.
The token has a power button that can be pressed to turn on the display temporarily. It will display the six-digit code and a meter showing how long you have until the code refreshes.
Use token as an alternate MFA method
To authenticate using the token instead of the Authenticator app, choose I can't use my Microsoft Authenticator app right now, at the prompt for Authenticator approval.
Select, Use a verification code.
Enter the six-digit code from the token to verify.
Set token as primary MFA method
Sign in to https://mysignins.microsoft.com/security-info. After having the hardware token assigned, you'll see a new sign-in method with that label. Above the list of sign-in methods, next to Default sign-in method, click Change.
Set the default method to Authenticator app or hardware token - code.
The verification screen will now ask you for the code by default