It sounds like you were able to resolve the issue as it's an issue in your environment's GPOs and OUs, and not related to Azure services.
For more information on how gpos, ous, and gplinks I suggest taking a look at this article : https://wald0.com/?p=179
And check to see if your gpos are linked to specific ous or how you've setup your gpos to properly sync as it seems to be an issue with a specific OU in your org, and there must be some sort of configuration that is overriding your GPOs. For more information on this see : https://serverfault.com/questions/373958/how-do-you-override-a-gpo-with-another-gpo
If you continue to experience issues with this I suggest posting this on the Windows Server forums here : https://social.msdn.microsoft.com/Forums/ie/en-US/home?category=windowsserver as the learn.microsoft.com/answers forum is currently handling Azure AD related issues.
If you continue to experience issues I suggest filing a support ticket with Microsoft and a support engineer will engage to help resolve your issue.