Microsoft will probably tell you that the Microsoft Authenticator supports syncing, so you should set it up on a backup device.

This has several problems though, one of them being that they assume you have at least two mobile devices (let's say a phone and a tablet) and another that they assume the OS you run on both your devices is the same. They do not support migrating your passwords between Android and iOS for example!



I love that the "big guys" get to support syncing passkeys between devices... but others don't (wasn't it KeePassXC who had issues where they were threatened with being blocked from supporting that - https://github.com/keepassxreboot/keepassxc/issues/10407#iss... )


Nice how he whipped out the attestation threat when contradicted. Shows their authoritarian leanings.


I do not and never will trust cloud storage of credentials.


Microsoft's interesting approach here with Authenticator is that they don't expect you to trust one cloud with all your credentials, they are hoping that you can trust two clouds with partial information. They've (allegedly) got some variant of Shamir's Sharing where some of the data is encrypted in OneDrive and some of it is encrypted in iCloud or Google Drive depending on which phone you use. That's (supposed to be) why there is that "phone-type lock-in" on the automatic backups/transfers because the cloud with the most phone-native/device-specific encryption is phone-vendor dependent today.
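The "partial information in two clouds" idea above is Shamir's Secret Sharing. The following is an added illustration written for this thread, not Microsoft's or Authenticator's code, and it makes no claim about how Authenticator actually splits or stores anything: it implements a general k-of-n split over a prime field and then shows why a single share (say, the one sitting in OneDrive) reveals nothing on its own, because any candidate secret is consistent with it.

```python
import secrets

# Mersenne prime 2**521 - 1: every value we share must be smaller than this,
# so secrets of up to 64 bytes fit comfortably.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients low to high) at x, mod PRIME, via Horner."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, shares):
    """Split an integer secret into `shares` points on a random polynomial
    of degree threshold-1 whose constant term is the secret.
    Any `threshold` points recover it; fewer reveal nothing."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must fit in the field")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_secret(points):
    """Lagrange interpolation at x = 0 over the supplied (x, y) points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_bytes(data, threshold, shares):
    """Convenience wrapper for byte-string secrets (e.g. a serialized key)."""
    if len(data) > 64:
        raise ValueError("secret too long for this field")
    return split_secret(int.from_bytes(data, "big"), threshold, shares)


def recover_bytes(points, length):
    """Inverse of split_bytes; `length` restores any leading zero bytes."""
    return recover_secret(points).to_bytes(length, "big")


def forge_counterpart(share, candidate_secret):
    """For a 2-of-2 split, return the share at x=2 that would make `share`
    reconstruct to `candidate_secret`. Because such a share always exists,
    whoever holds only `share` cannot distinguish the real secret from any other."""
    x1, y1 = share
    slope = ((y1 - candidate_secret) * pow(x1, -1, PRIME)) % PRIME
    return (2, (candidate_secret + 2 * slope) % PRIME)


if __name__ == "__main__":
    # Constructed sample secret, standing in for some credential material.
    secret = b"constructed-sample-secret"
    onedrive_share, icloud_share = split_bytes(secret, 2, 2)
    print(recover_bytes([onedrive_share, icloud_share], len(secret)))
    # One share alone is consistent with any secret, including a wrong one:
    bogus = int.from_bytes(b"anything-else", "big")
    print(recover_secret([onedrive_share, forge_counterpart(onedrive_share, bogus)]) == bogus)
```

The split is information-theoretic, not computational: the `forge_counterpart` step works for every candidate secret, which is the property that makes holding one of the two cloud copies worthless to its provider. The wrappers here do not authenticate shares, so a real deployment would still need integrity protection on each stored share.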


Do you trust VPNs? Because they are the same idea with a slight twist. VPNs encrypt data before it leaves your computer and decrypts it when it arrives at the destination.

1Password and the like encrypt data before it leaves your computer, store it for however long you want, and then decrypt it when the data is copied to your computer.


VPNs use (I think) some kind of synchronous key-exchange handshake. That doesn't work with storage part in the middle.


1Password's security model is pretty well thought out. The goal is to make it as impossible to decrypt the data you are storing as possible.

https://support.1password.com/1password-security/



