YubiKey vs Authenticator for Microsoft account

Privacy Guides Community [Unofficial] April 19, 2026

Thanks for the answers. It seems like using only YubiKeys is the better option.

Nostromo:

I don’t rely on security keys exclusively because you can always lose your backups too.

I was thinking of using four YubiKeys, two at home and two at separate locations far away from here; the probability of losing all four at once would be extremely low.

Onscreen5341:

The only things that bypass FIDO2 are session tokens. If the attacker gets to your session tokens, this means he has compromised one or more devices that you use. In addition, you also do not get a notification when somebody logs in with a session token or removes session tokens.

This sounds interesting, can you explain more? For example, if I log in to Outlook in a browser, is a session token created for the browser, and when I log out does it get erased? What about the Outlook Android app? You only have to log in once and you remain logged in; does this mean that the session token is permanent and someone can steal it to access the account from other devices?
