I know this post is several years old but was curious if anyone had any further updates.
We're experiencing the same behavior with a 7-day session control for Hybrid Joined devices & mobile devices. And the behavior of MFA prompts on Windows, iOS & Android is all over the place.
Some receive a separate prompt from various M365 apps on Windows after the session control expires. Similar experience on mobile, but it's not consistent for everyone.
For example, my Android device is super consistent & seamless. I'm prompted to sign in (first factor + second factor) after opening an M365 app, & any M365 app I open after seems to share that token & not prompt me. Others on Android & iOS don't have this experience & are prompted per app.
On Windows, I'm prompted periodically for random apps throughout the 7-day period. At this point I can't even tell when my 7-day period is on Windows.