We're using a hybrid environment, so cloud that's connected to a on-premises domain controller.
New rollout, still underway.
One of my users just reported they had to log out from Office on one of his machines (#2), and can't log in again - gets 121003 and a message about password update not being allowed.
I'm on the fence here, because machine I issued them (#1) is a-okay, but he's a "C" and wants to get into his mail from his private device (#2), too. There was no problem with that so far, and most interestingly he is still logged in and works normally from Firefox on #2; the only one balking is Edge on #2.
Somewhere along the way same error was shown when they tried to launch Teams on #2, but I managed to brute-force this - I located cache for Teams app on his work machine (#1) and copied it over the said cache for Teams on his private machine (#2). After a restart, Teams stand-alone launched without any issues.
I resetted Edge, cleaned up, clean booted, still the same. Sadly, search engines seem to associate Error 121003 with ....solitaire on xbox :) I am mystified, why would anything "think" user is updating password when they are merely trying to log in with the password they know and use everywhere else? Why wouldn't it work in Edge when it does in Firefox?
By the way, the password is there in the relevant place of Web Credentials, always was.