AzureAD SSO / MFA issue

When the user already has a valid session in Office365, he can use the Azure authentication through GitLab.
When he tries to go through the process from GitLab with login and password, it doesn't ask for MFA (so it skips it) and I get an error message:
could not authenticate you from AzureOauth2 because "Interaction required: aadsts50076: due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

I did everything as described in the docs for AzureAD. I also granted admin access for the enterprise application, but it is not working. How can I solve this?

Still have this issue. Login only works when the user has logged in to M365 beforehand and then goes to GitLab.

Is there any suggestion for this?