Office 365 supports 2 types of user authentication, Managed Authentication and Federated Authentication. Managed Authentication uses the internal Azure AD as the identity provider, whereas Federated Authentication uses an external identity provider. The external federated identity providers can be an ADFS, WSFED or SAML authentication service. In order to use the DualShield to secure office 365 with MFA, we will change your Office 365 custom domain from the Managed Authentication to the Federate Authentication and set your DualShield SSO service as the federated identity provider for Office 365.
Furthermore, if your custom domain is currently set as the default domain, then you need to change the default domain to another customer domain or to your ".onmicrosoft.com" domain. Office 365 does not allow the default domain to use federated authentication. Please refer to the link below for the instruction on how to set a different domain to be the default domain.
It is recommended that you have a tenant administrator account in your "onmicrosoft.com" so you don't lock yourself out of your tenant.