I don't have a good answer, you might need some more breakfast with eggs though :)
You cannot disable the push by a click, that is only possible for the users that authenticate through radius policies.
The push however is just a connection from FortiAuthenticator to a proxy server we use, push.fortinet.com, and then to Apple/Google. Finally it pops up on the phone.
If you were to disable that connection, push messages would not be sent anymore - for any user.
If this is a way to go with - create on the FortiGate or firewall an address object for "push.fortinet.com" and a policy that is set to block traffic to that address object.