From the management console, navigate to "Directory | Users", left-click the context menu of the user you need to provision a token to, then select "Tokens";


A new section of this window will now open showing all tokens currently provisioned to this user;


Click the button, and a new window titled "Token - New" will open. At the prompt "Product/Model", select "Microsoft Authenticator/Time-Based";


Once the product has been selected click and a Microsoft Authenticator token will be assigned to the user.


After the token has been created for the user, we need to ensure that the user is able to install a copy of this token on their app.

If the token has been generated manually using the management console, you will probably want to use one of the following methods to send the token to the user:

  • The "Display QR Code" context menu option


    After selecting the "Display QR Code" option a new window will open titled "QR Code";


    The QR code displayed contains all the data that is necessary for the user to add the Microsoft Authenticator token to their app.

    If the administrator is testing authentication (or is preparing a phone, or programming a programmable token), then the QR code may be used directly with the authenticating device (PC, App on a Mobile or Programmable Token).

    Alternatively, if the token has just been prepared manually prior to being sent to the user, it is possible that the administrator may choose to manually copy a screenshot of the QR code, then manually send it to the user (via email, screen share, fax etc.).

  • Whilst the "Display QR Code" option provides a graphical version of the token, the "Display Credential Seed" option provides a text version of the seed contained within the QR code;

    After selecting this context menu option a new window will open titled "Credential Seed";

    The information displayed in this window is available to be copied by the system administrator in order to test the seed.

    Using the above credential seed as an example ("P4CEJA4ENYMEDHEUBTTHUAON5IWUABUD") we will confirm that the OTP code generated by the authenticator server is being generated as we would expect.

    To test the token, we navigate to an online TOTP generator (a good example is https://totp.danhersam.com/) and copy and paste our seed into the generator.

    After navigating to the online generator we see a screen similar to the screenshot below;

    We replace the secret key with a copy of the credential displayed on the management console, and we find that the online tool now displays 6-digit OTP codes that are based on this seed.

    We now select the context menu option "Display OTP";

    A new window will now open showing an OTP code that was generated using the credential seed generated for this token;

    If we now compare the OTP code displayed in this window with the OTP code displayed on the online web page, we should find that the two match (if they do not match, it is advised that you check that the clock on your server is set correctly, and if the time (or date) is incorrect it should be corrected).


  • After selecting the context menu option "Push Token", you will find a list of options for deploying the token to the user that this token is assigned to.

    The list will be based on two factors: the presence (or absence) of contact options in the user's AD contact details (phone number, email address etc.), and the configuration of the Microsoft Authenticator policy setting options in the sections "Delivery Channel Used by the System" and "Delivery Channels Available to Users".


    After the token has been pushed to the user a new window will open confirming delivery of the token;
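
The seed check described under "Display Credential Seed" can also be run locally, so the seed does not have to be pasted into a third-party web page. The script below is an added example, not part of the original page or the product; it assumes the token uses the standard TOTP parameters (HMAC-SHA1, 30-second step, 6 digits), uses the example seed quoted above, and the function names are illustrative. It also reports how many time steps apart the two clocks are when the codes differ.

```python
import base64
import hashlib
import hmac
import struct
import time

# Example seed quoted on this page; assumed to be a Base32-encoded TOTP secret.
EXAMPLE_SEED = "P4CEJA4ENYMEDHEUBTTHUAON5IWUABUD"


def totp(seed_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed parameters: 30 s step, 6 digits)."""
    cleaned = seed_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore Base32 padding if stripped
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def find_clock_offset(seed_b32, server_otp, local_time, max_steps=10, step=30):
    """Return the step offset at which server_otp matches, or None.

    0 means the clocks agree; -2 means the server clock is roughly
    two steps (60 s) behind the local clock.
    """
    for delta in sorted(range(-max_steps, max_steps + 1), key=abs):
        candidate = totp(seed_b32, local_time + delta * step, step)
        if hmac.compare_digest(candidate, server_otp):
            return delta
    return None


if __name__ == "__main__":
    now = time.time()
    print("Local OTP:", totp(EXAMPLE_SEED, now))
    server_otp = input("OTP shown by 'Display OTP': ").strip()
    offset = find_clock_offset(EXAMPLE_SEED, server_otp, now)
    if offset is None:
        print("No match within +/-5 minutes: check the seed and server clock.")
    else:
        print("Match at step offset", offset, "(0 = clocks agree).")
```
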
