In order for Office desktop clients, such as Outlook, Skype for Business, to support MFA via federated authentication, your Office 365 tenant needs to be configured to support modern authentication.
However, not all Office desktop clients support modern authentication. Generally speaking, Office 2013 and later desktop clients (including Outlook and Skype for Business) support modern authentication. Check the link below for the list of Office clients that support modern authentication:
https://social.technet.microsoft.com/wiki/contents/articles/32211.modern-authentication-behavior-across-office-2013-and-office-2016.aspx
Enhanced Clients
Those client applications that do not support modern authentication are called Enhanced Clients. You will not be able to protect Enhanced Clients with MFA, unfortunately.
In order to allow users to continue using Enhanced Client applications, you will need to bind an Enhanced Client logon procedure to the Office 365 application in your DualShield server. Thereafter, users using Enhanced Client applications will continue to be authenticated by their username and password only. Check the details in Logon Procedures for Office 365 MFA