Try adding the following Service Principals "bb2a64ee-5d29-4b07-a491-25806dc854d3" and "3db474b9-6a0c-4840-96ac-1fceb342124f" to the KeyVault access policies. Once you add the Service principals mentioned above, under Key Permissions, select Get and Sign for both of them. That should get you rid of that key vault error on the Authenticator app.