This is a pure M365 environment. No hybrid, 5 of 6 users are working as expected.
1 of 6 is unable to sign in via Outlook for Windows Desktop. MS Mail/Andoird Outlook/Outlook for Web are all OK and work as expected.
In Windows Desktop Outlook 365 (up to date) we set up a mail profile as normal and the sign in box pops up, we enter the user and pass and... nothing. Just loops back to requiring user/pass. We are stuck at this point.
Whats happening, and this is across multiple machines/versions of Outlook/networks, is that the authentication request doesn't even appear to hit Exchange Online.
If I look at the AzureAD sign in logs there's just no entry for the attempts to log in with Outlook for this account.
To demonstrate this I've attempted a login from a mobile hotspot with a unique IP. After half an hour or so of sporadic sign-in attempts the AzureAD Sign-Ins page shows no attempts for this IP. The moment I try to login to Outlook for Web an entry appears for this IP (and sign in to OfW is successful). I tested this with a different account on a different tenant and it worked immediately over this hotspot.
I've tried from the users system, my own system, several networks and with a new profile in a known working version of Outlook. All other users in the same tenant are fine.
So there's something in this users configuration that is preventing Outlook from even attempting to connect to Exchange Online. There's a bunch of history for this user which I'm not privy too and won't be able to find out, at some point there have been application passwords and MFA but these have been deleted / disabled. This was working up until recently, then their Windows desktop was re-installed and now we have this issue. I suspect that there may have been some attempts to fix an issue that isn't being relayed but I don't understand what.
Microsoft Connectivity Analyzer passes without issue, and as I say other users of the same tenant are working fine.
Any thoughts on why this user may not be able to authenticate?
Ultimately I disabled Modern Authentication for the tenant and everything started working immediately.
After a bit of time testing various things I re-enabled modern auth and everything continued to work. We re-enabled MFA for all the users and everything was fine.
I can only assume there was an issue when Modern Auth was enabled that disabling / enabling resolved.