Conditional Access policies and MFA (P1 subscription)

Hi,

this is driving me a bit nuts.

I've created a CA test policy and added users to it.

But some of those users (MS business premium licence) get repeated password popups on the outlook (desktop) a day later. So i have to take them out of the policy again.

I added a reg entry which accordingly to one site i read says you need, but its made no difference for one particular user.

I was told by an IT support guy that the users need to have MFA set to "enabled" in the users list. However an online article i read said that you need to set all users within a CA policy to "disabled". The list is only for manual MFA (non P1 licencees?)

Which is it?

Also, considering it seems to take a day for any side effects to appear its going to take me ages trying different configs to get it working.

Any advice would be appreciated.

Thanks