TOTP/MFA Integration setup

I’m attempting to set up a 22.2.3 installation with MFA using TOTP and the Google Authenticator app. Testing so far shows everything is working as it should, but I’m trying to enforce the use of MFA, so I have enabled that Admin security setting. I’ve created a test user, and when they sign in, the TOTP setup screen appears (as it should) along with a QR code. If I open the Google app and then scan the code, I get the message ‘Cannot interpret QR code’, so the setup doesn’t complete. If I disable enforcement, though, log on as the user using a password, and then open the personal MFA setup, the QR code does scan and it works OK. In fact, this QR code looks totally different to the one seen on the logon screen with enforcement enabled.

So, am I doing something wrong, or is there a bug somewhere? Without MFA enforcement enabled, it’s not practical to ask the user to set up MFA themselves; it needs to be a requirement of first logon.