Premier Support is failing to make any progress; I have had a ticket open for a month now with no luck (getting escalated to Tier 3 this morning). Here is the scenario:
We have a Conditional Access rule that says if someone accesses Office 365 (All Office) from a non-trusted location, require MFA. For most people it works fine, but about 10% of the people run into a really weird problem in Outlook only; all other apps (Skype, Word, etc.) work fine.
The user opens Outlook (2016, current monthly) and it shows the "Need Password" screen at the bottom and no email is sent/received. When we click on it, a white box comes up and goes away; it does not give them the option. So they are kind of stuck there!
When you go to File -> Accounts, do a Sign Out and then try to sign back in, it comes up with the email window, but as soon as you submit the email the window goes away and they stay signed out. Here is where it gets interesting: let's say you put someone's email in there that works (but is also part of the same MFA rules). It takes that and then brings up the MFA prompt for the original user. Once that user presses Approve (Microsoft Authenticator app, push notifications), it signs that user in and email starts flowing again. It seems to work for a couple of weeks and then stops again with the same prompt.
We put in all the normal registry keys to enforce modern auth (EnableADAL = 1, AlwaysUseMSOAuthForAutoDiscover = 1, DisableADALatopWAMOverride = 1, DisableAADWAM), but I think it may be something on the username side, since putting in another username works.
From what you explained here, it seems to work for some users. My recommendation would be to focus on the client end and anything related to client-side issues. Compare (cross-check) both working and non-working machines. Which operating system do they use? Which build? x64 or x86 architecture? Exact version of Outlook? Which build? Are all users under the same domain? Is the same GPO applied to all? Have you checked Credential Manager?
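To make the "compare working vs. non-working machines" step above repeatable, here is a PowerShell snippet that collects the modern-auth registry values the original post lists, plus OS build, Office build/platform and the count of cached Office credentials in Credential Manager, into one object that can be exported and diffed. This is an added example, not code from the thread or from Microsoft. It assumes Office 2016 Click-to-Run (the 16.0 hive), the documented value locations under HKCU\Software\Microsoft\Office\16.0\Common\Identity and HKCU\Software\Microsoft\Exchange, and that cached Office identity entries in cmdkey output contain the string MicrosoftOffice16; adjust the paths if your build differs.

```powershell
# Added diagnostic helper (not from the original thread). Registry paths and the
# cmdkey target pattern are assumptions based on the documented Office 2016 layout.
function Get-OutlookModernAuthState {
    $identityKey = 'HKCU:\Software\Microsoft\Office\16.0\Common\Identity'
    $exchangeKey = 'HKCU:\Software\Microsoft\Exchange'
    $c2rKey      = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'

    # Missing keys/values come back as $null, which means "not set, default applies".
    $identity = Get-ItemProperty -Path $identityKey -ErrorAction SilentlyContinue
    $exchange = Get-ItemProperty -Path $exchangeKey -ErrorAction SilentlyContinue
    $c2r      = Get-ItemProperty -Path $c2rKey      -ErrorAction SilentlyContinue
    $os       = Get-CimInstance -ClassName Win32_OperatingSystem

    # Cached Office identity entries in Credential Manager; stale ones are a
    # common reason Outlook keeps prompting even though the tenant config is fine.
    $cachedOfficeCreds = @(cmdkey /list | Select-String -Pattern 'MicrosoftOffice16').Count

    [pscustomobject]@{
        ComputerName                    = $env:COMPUTERNAME
        UserName                        = $env:USERNAME
        OSCaption                       = $os.Caption
        OSBuild                         = $os.BuildNumber
        OSArchitecture                  = $os.OSArchitecture
        OfficeVersion                   = $c2r.VersionToReport
        OfficePlatform                  = $c2r.Platform
        EnableADAL                      = $identity.EnableADAL
        DisableADALatopWAMOverride      = $identity.DisableADALatopWAMOverride
        DisableAADWAM                   = $identity.DisableAADWAM
        AlwaysUseMSOAuthForAutoDiscover = $exchange.AlwaysUseMSOAuthForAutoDiscover
        CachedOfficeCredentialEntries   = $cachedOfficeCreds
    }
}

# Lists every property that differs between a working and a broken machine's export,
# so only the relevant deltas (build, platform, a missing DWORD, cached creds) stand out.
function Compare-OutlookAuthState {
    param(
        [Parameter(Mandatory)] $Working,
        [Parameter(Mandatory)] $Broken
    )
    foreach ($name in $Working.PSObject.Properties.Name) {
        if ("$($Working.$name)" -ne "$($Broken.$name)") {
            [pscustomobject]@{
                Setting = $name
                Working = $Working.$name
                Broken  = $Broken.$name
            }
        }
    }
}

# Usage: run on each machine as the affected user (the values live under HKCU), then diff.
#   Get-OutlookModernAuthState | Export-Csv -NoTypeInformation "$env:COMPUTERNAME-outlook-auth.csv"
#   Compare-OutlookAuthState -Working (Import-Csv good.csv) -Broken (Import-Csv bad.csv)
```

Because the identity values are per-user (HKCU), the collection has to run in the affected user's session rather than from an admin shell; a blank in the output for one of the DWORDs on the broken machine, or a different cached-credential count, is the first thing to look at before going back to the tenant-side Conditional Access policy.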