@Daniel Willard , the error Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '{identifier}' may be CA related. For more information on how to verify if that's the case take a look to What Conditional Access (CA) details can I see in the sign-in logs? and View Conditional Access policies in Azure AD sign-in logs. Optionally you may provide us with correlation id and timestamp of failed signin attempts for further debugging. Take a look to Azure AD sign-in events for how to get them.
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.