In order for Office desktop clients, such as Outlook, Skype for Business, to support MFA via federated authentication, your Office 365 tenant needs to be configured to support modern authentication.
However, not all Office desktop clients support modern authentication. Generally speaking, Office 2013 and later desktop clients (including Outlook and Skype for Business) support modern authentication. Check the link below for the list of Office clients that support modern authentication:
Finally, import the new session into the Windows PowerShell console.
Import-PSSession $session
Run the following command to enable modern authentication: Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
Verify that the change was successful by running the following: Get-CsOAuthConfiguration
Note: to disable modern authentication, run command: Set-CsOAuthConfiguration -ClientAdalAuthOverride NoOverride
Enhanced Clients
Those client applications that do not support modern authentication are called Enhanced Clients. You will not be able to protect Enhanced Clients with MFA, unfortunately.
In order to allow users to continue using Enhanced Client applications, you will need to bind an Enhanced Client logon procedure to the Office 365 application in your DualShield server. Thereafter, users using Enhanced Client applications will continue to be authenticated by their username and password only. Check the details in Logon Procedures for Office 365 MFA