This issue can happen in the scenario where users devices are Hybrid Azure AD joined in Azure AD and when the device doesn't have a PRT. PRT is a primary refresh token that is given to a device when hybrid registration happens for a device in Azure AD.
Next time whenever user tries to login to any azure services, PRT is given to Azure AD. Azure AD validates the PRT and let's the user in without any credentials.
In your situation it looks like issue is with PRT. Or PRT itself is not issued while device joined to Azure AD.
You can follow below troubleshooting article to look into this issue from PRT side,
If you are still facing issues we can work on this offline.
Please send us an email on azcommunity [at] microsoft [dot] com with Sub - Attn: Sandeg and following details in the email body:
Link to this thread/post
We can connect offline and discuss further on this.
Let me know if you have any further questions on this.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.