Entra Seamless SSO - Office 365 unlicensed and SSO not working - non persistent VDI

Dave Baker 5 Reputation points
2023-12-06T14:51:17.91+00:00

I have an issue with SSO failing for Office 365 rendering the product unlicensed, as well as any other hosted Office apps in a non-persistent VDI.

I've validated the following:

SSO configuration:

  1. autologon.microsoftazuread-sso.com URL is configured as an Intranet site in IE Zoning and ‘Allow updates to status bar via script’ is also enabled via GPO.
  2. Feature is enabled in the tenant with password hash synchronization; it's healthy with warnings recommending that the Kerberos decrypt tokens be cycled. Given there’s no TTL or indication that services are impacted if the keys are not rotated, I'm not classing this as a root cause yet.
  3. MFA is enabled for authentication. More on this below.
  4. AZUREADSSOACC is present in AD and enabled.

Office Click-to-Run setup:

  1. Shared computer activation is enabled in the installer, and verified via the registry.
  2. Windows 10 22H2 OS in use on instant clone desktop.

Behaviour:

  1. Upon logon, opening an Office app presents a sign-in screen and shows as unlicensed. If I authenticate with username, password and MFA prompt, Office will obtain a license and activate. This is the current behaviour.
  2. If I browse to https://myapps.microsoft.com from a VM that hasn't pre-authenticated, with developer tools running, I can see the following error: [Image: SSO error]

Observations

  1. Running klist after I have authenticated to Azure shows a Kerberos ticket is issued from the azuresso domain, but there is no indication of a ticket being issued by the AZUREADSSOACC computer account. (See this excerpt: List the existing Kerberos tickets on the device by using the klist command from a command prompt. Ensure that the tickets issued for the AZUREADSSOACC computer account are present. Users' Kerberos tickets are typically valid for 10 hours. You might have different settings in Active Directory.)

[Image: kerberos]

I've run through the checklist and known issues on the MS KB and cannot see what is causing this failure. Help!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
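
The klist check quoted in the question, as an added example that is not part of the original post: it parses klist output and reports whether a service ticket for the Seamless SSO endpoint is cached. It assumes English-language klist output and that the ticket is listed under the SPN `HTTP/autologon.microsoftazuread-sso.com` (held by the AZUREADSSOACC account); the function names, sample text, realm and user are constructed.

```powershell
# Added example (not from the original post); sample klist text is constructed.
$SsoSpn = 'HTTP/autologon.microsoftazuread-sso.com'  # assumed SPN on AZUREADSSOACC

function Get-KlistTicket {
    # Split klist text into one object per cached ticket (blocks start "#<n>>").
    param([Parameter(Mandatory)][string]$Text)
    $blocks = $Text -split '(?m)^(?=#\d+>)' | Where-Object { $_ -match '^#\d+>' }
    foreach ($block in $blocks) {
        $field = @{}
        foreach ($line in ($block -split '\r?\n')) {
            if ($line -match '^(?:#\d+>)?\s*(Client|Server|End Time|Kdc Called):\s*(.*?)\s*$') {
                $field[$Matches[1]] = $Matches[2]
            }
        }
        [pscustomobject]@{
            Client  = $field['Client']
            Server  = $field['Server']
            EndTime = $field['End Time']
            Kdc     = $field['Kdc Called']
        }
    }
}

function Test-SeamlessSsoTicket {
    # True when a cached service ticket targets the Seamless SSO SPN.
    param([Parameter(Mandatory)][string]$Text)
    [bool](Get-KlistTicket -Text $Text | Where-Object { $_.Server -like "$SsoSpn @*" })
}

$sample = @'
Current LogonId is 0:0x3e7a1

Cached Tickets: (2)

#0>     Client: user1 @ CORP.EXAMPLE
        Server: krbtgt/CORP.EXAMPLE @ CORP.EXAMPLE
        End Time:   12/6/2023 19:00:00 (local)
        Kdc Called: DC01

#1>     Client: user1 @ CORP.EXAMPLE
        Server: HTTP/autologon.microsoftazuread-sso.com @ CORP.EXAMPLE
        End Time:   12/6/2023 19:00:00 (local)
        Kdc Called: DC01
'@

Get-KlistTicket -Text $sample | Format-Table Client, Server, EndTime
Test-SeamlessSsoTicket -Text $sample
# On the VDI session itself: Test-SeamlessSsoTicket -Text (klist | Out-String)
```

Running the live form at logon on a fresh instant clone, before any interactive sign-in, shows whether the desktop obtained the ticket on its own or only after the manual authentication described above.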