Time drift on ADFS Proxy servers causes authentication to fail. I have run into this and I know of at least a couple more issues of this occurring. When you have multiple load-balanced ADFS Proxy servers, this becomes hard to troubleshoot. One symptom is that Outlook clients inside the network can connect only intermittently: some users connect fine while others do not.

The reason this affects Outlook clients internal to the network has to do with how Outlook authenticates in an identity federation setup. Outlook sends the username and password to Exchange Online, and Exchange Online then conducts the authentication through the ADFS Proxy, just as if a user were connecting to the Portal from outside the company network. This is the key thing to keep in mind: Outlook clients inside the network do not authenticate against the internal ADFS servers.

So, back to the real issue. Since the ADFS Proxy servers are not domain joined, they do not participate in the domain hierarchy time service. It is therefore very important to ensure that the time settings on the ADFS Proxy servers are kept in line with the internal domain. Many times these servers are also virtual, which compounds the problem with time services. If these are VMware VMs, ensure that VMware Tools is installed and that time sync with the host is set up.
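
One way to check each proxy for drift, as an added example that is not part of the original post: run the script below on every ADFS Proxy server and compare the reported offsets across the load-balanced pool. The reference server name `dc01.corp.example` and the 60-second tolerance are assumptions, and the proxy must be able to reach the reference server over NTP (UDP 123).

```powershell
# Added example: measure this server's clock offset against an internal time source.
# The server name and the tolerance are assumptions; replace them with your own values.
param(
    [string]$ReferenceServer = 'dc01.corp.example',  # hypothetical internal time source
    [double]$MaxSkewSeconds  = 60,                   # assumed tolerance, not from the article
    [int]$Samples            = 3
)

function Get-ClockOffset {
    param([string]$Server, [int]$Samples)

    # w32tm prints one line per sample, e.g. "12:00:02, +00.0012345s".
    # Failed samples look like "12:00:02, error: 0x800705B4" and do not match.
    $output  = & w32tm.exe /stripchart "/computer:$Server" "/samples:$Samples" /dataonly 2>&1
    $offsets = @(foreach ($line in $output) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    })

    # Count explicitly: a single offset of exactly 0 must not be read as "no data".
    if ($offsets.Count -eq 0) {
        throw "No NTP samples received from $Server (check name resolution and UDP 123)."
    }
    ($offsets | Measure-Object -Average).Average
}

$offset = Get-ClockOffset -Server $ReferenceServer -Samples $Samples

$result = [pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Reference     = $ReferenceServer
    OffsetSeconds = [math]::Round($offset, 3)
    InTolerance   = [math]::Abs($offset) -le $MaxSkewSeconds
}
$result

if (-not $result.InTolerance) {
    Write-Warning "$($result.Computer) differs from $ReferenceServer by $($result.OffsetSeconds)s."
    exit 1
}
```

A proxy whose offset stands out from the rest of the pool is the likely source of the intermittent failures, since the load balancer only sends some requests to it.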