Page History

In order for Office desktop clients, such as Outlook, Skype for Business, to support MFA via federated authentication, your Office 365 tenant needs to be configured to support modern authentication. 

However, not all Office desktop clients support modern authentication. Generally speaking, Office 2013 and later desktop clients (including Outlook and Skype for Business) support modern authentication. Check the link below for the list of Office clients that support modern authentication:

https://social.technet.microsoft.com/wiki/contents/articles/32211.modern-authentication-behavior-across-office-2013-and-office-2016.aspx

Enable Exchange Online for modern authentication

Enable Skype for Business Online for modern authentication

Enhanced Clients

Those client applications that do not support modern authentication are called Enhanced Clients. You will not be able to protect Enhanced Clients with MFA, unfortunately.

In order to allow users to continue using Enhanced Client applications, you will need to bind an Enhanced Client logon procedure to the Office 365 application in your DualShield server. Thereafter, users using Enhanced Client applications will continue to be authenticated by their username and password only. Check the details in Logon Procedures for Office 365 MFA

Modern authentication in Office 365 enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0.

By default, modern authentication isn't enabled in Exchange Online, but you can enable it.

...