I have another idea: after logging in to Windows with an AD account and password, the system displays a QR code, which can be scanned with a mobile device to complete the unlock process. I wonder if this authentication procedure is feasible?
What you are describing would be the TiQR token.
The QR code contains a challenge, that needs to be scanned.
However, this is quite outdated and has technically no advantage over push tokens.