SharePoint Online constantly prompts for credentials (for some users)

1

We have 150 users who should be, and appear to be, identically configured, but 8 of them get a different authentication workflow.

How it works:
At our company we use Office 365. We have 150 users that log in using Office 365, and, like many others, we have a company SharePoint site: "company.sharepoint.com".

This site is the default homepage in our IE (set using GPO).  We add the site to 'trusted sites' and check "Automatic logon with current username and password".

Which means, when the user opens Internet Explorer, he is directly sent to the company FrontPage (this is all done by GPO).

How it doesn't work:
Now 8 out of those 150 users are not sent directly to company.sharepoint.com. If IE has been closed, they are instead sent to login.microsoftonline.com, where they are forced to simply click their O365 credentials, and without typing a password they are sent to company.sharepoint.com.

So, in short, they have another step.

Here is where it gets super strange

I expected to find differences like maybe issues with trusted sites. There are no differences between a working and a non-working user.

I took a user who logs in directly and a user who doesn't and performed the following:

  • completely removed all from credentials manager
  • checked all IE settings were identical
  • checked users were identical in Office 365 Administrator
  • completely reset the IE to factory defaults
  • deleted all temporary files.

Having done that, the problem persisted.

But... there is 1 difference
It took me a little while to find out. The 150 working users all went from Windows 10 1607 -> 1709. But the 8 with the extra credentials step all had 1703 for a few weeks in between.

Conclusion

I have no idea.

Allan Pedersen

Posted 2018-04-05T14:28:56.050

Reputation: 11

Answers

1

This is hard information to find except by troubleshooting: You need all of these added to your Trusted Sites list, and the list keeps changing over time, so every time the problem comes up you have to do more troubleshooting to figure out what new site or domain they introduced into the authentication piece.

  • *.microsoftonline.com
  • *.windows.net
  • *.sharepoint.com
  • *.office.com
  • *.office365.com
  • *.outlook.com
  • *.lync.com

Blogs describing similar issues:

Keith U

Posted 2018-04-05T14:28:56.050

Reputation: 11

Handy to know, cheers! – Nullldata – 2019-04-24T13:31:53.423
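An added example, not part of the answer above: one way to find which host in a sign-in redirect chain falls outside the Trusted Sites list, by checking URLs copied from a browser network trace against the answer's patterns. The sample trace is constructed, the function names are hypothetical, and the matching rule (a `*.domain` entry covers the domain and its subdomains) is an assumption.

```python
from urllib.parse import urlsplit

# Trusted Sites patterns listed in the answer above.
TRUSTED_PATTERNS = [
    "*.microsoftonline.com", "*.windows.net", "*.sharepoint.com",
    "*.office.com", "*.office365.com", "*.outlook.com", "*.lync.com",
]

# Constructed sample: URLs as they might be copied from a network trace of
# one sign-in. The last host is made up to show an uncovered domain.
SAMPLE_TRACE = [
    "https://company.sharepoint.com/",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://LOGIN.WINDOWS.NET/common/oauth2/authorize",
    "https://auth.newidp.example/signin",
]


def covering_pattern(host, patterns=TRUSTED_PATTERNS):
    """Return the first pattern that covers host, or None.

    Assumption: "*.example.com" covers example.com and every subdomain;
    a pattern without "*." must equal the host exactly.
    """
    host = host.lower().rstrip(".")
    for pattern in patterns:
        p = pattern.lower()
        if p.startswith("*."):
            base = p[2:]
            # Match on a label boundary so "evilsharepoint.com" is not
            # mistaken for a subdomain of "sharepoint.com".
            if host == base or host.endswith("." + base):
                return pattern
        elif host == p:
            return pattern
    return None


def uncovered_hosts(urls, patterns=TRUSTED_PATTERNS):
    """List, in first-seen order, the hosts in the trace that no pattern covers."""
    missing = []
    for url in urls:
        host = urlsplit(url).hostname  # already lower-cased by urlsplit
        if host and host not in missing and covering_pattern(host, patterns) is None:
            missing.append(host)
    return missing


if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_TRACE):
        print(f"{host} is not covered by the Trusted Sites list")
```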

0

We were able to solve this in Windows 10 by connecting to the O365 account in the Settings panel > Accounts > Access work or school. Once the user logged into their O365 account, they were no longer asked to select their name.

JimmyJimmyJoe

Posted 2018-04-05T14:28:56.050

Reputation: 1