If your organization is using a logo or retrieves any of the images using an FTP path, you'll have to authenticate for that FTP connection. This would be why, even if you don't authenticate, you can still get to the OWA site. Have your OWA admin check where the images are being hosted from and redress (move them to your company website perhaps?) accordingly.

Try putting in the full path to the OWA site in Chrome, including the "https://", I've noticed on our WES that if you don't put the https:// and if you leave off the /owa at the end, it will flash an error page that redirects to the main login. So maybe Chrome handles that redirect page differently.

This is probably a proxy username and password having do do with either a pac file that chrome doesn't auto-discover, but IE and Firefox do or NTLM authentication. And yes, some proxies will ask for authentication, then proceed to function just dandy without being authenticated, although they will keep asking.

This is a MIM attack. It is probably stemming from Superfish. Try going to your registry, then select Find. Type in Superfish and hit enter. And what do you know, you are a victim of MIM ad setting scandal just like I am. What you described is exactly what my Chromebook does to me, and they say Chromebooks can NOT be hacked. If you type in ping Kproxy.com you will find the source. What I did is hook up a chromebook and a Windows computer (which I found Obliterate in later) and did a little back and forth with Tracepath and Tracert. This all led me straight back to Shanghai. 10 Billion dollar class action against Lenovo for putting pre-installed software in most of their devices from the Oct 2014 to Jan 2015. I was lucky enough to pick up my Spy infested Lenovo Laptop on Dec 23 as a Christmas present and at that time I also acquired the dirty, most malicious, SOB hacker you could imagine. Anyways, ask yourself if you either bought a lenovo product within those time parameters or if anyone in your network did.