A SMS token is sent when requested, and it is a valid token. Other unexpected SMS Tokens are also sent at the same time to the user; only one is expected.
Within Active Directory Users and Computers, locate the Defender Policy that is in use for the Mobile Tokens. View the "Properties" of the Policy; and click the "Mobile Provider" tab.
Verify which option is selected: "Automatically Send SMS as required" or "Only send SMS when requested". If this is configured to "Automatically Send SMS as required" please change to "Only send SMS when requested". Test to verify that only one token is received.