I am working on a critical issue where a user has reset his PW from SSPR (synced account) and he is now unable to log in to Office apps (Outlook/SharePoint) from his Android Enterprise Fully Managed device using this new PW. A blue circle spins for about 1-2 min, then goes back to the original screen. However, the user can sign in to apps and services from his laptop and iPhone without an issue using the new PW.
After analyzing the logs, this is what we observed: the refresh token was invalid (probably using an old credential cache). The broker app was Microsoft Intune in this scenario; that’s why it did not invoke Microsoft Authenticator, and because the refresh token was invalid, the sign-in failed.
The only temporary workaround is to wipe the device and re-enroll, which is obviously a pain and unprofessional to propose to an enterprise client. I would really appreciate any input from you.