Seems the picture did not upload, so here it is

I don't seem to be able to edit my post. But I checked the sign in logs for this specific user and it says. "Success" at first, then "Interrupted" Sign in error code 50076 

Jamf is only reacting to what M365 is telling it to do, any configuration changes to remove this prompt would come from Entra as it is the IDP looking to verify the user.

• What do the Jamf Connect and Entra logs say?


• Have there been any changes in Entra by your Identify Management teams?

To me it seems like a malconfigured Conditional Access policy.

Thank you for your reply

Here are some logs of the user. I could log in to his computer offline with our Local admin password so we could back up his files - also tried to reset his password to his old password he had before but same issue. 
Will also try to exclude MFA from JAMF connect in Azure to see if that helps

We had the same issue and had to add some additional lines to our Jamf Connect Login plist to enable passthrough authentication.

Add the following keys to your Jamf Connect Login plist:
<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCNewPassword</key>
<false/>

The “verify” prompt is related to the way Jamf Connect handles passwords (firstly users type in password to login window web view, then the process is repeated for Jamf Connect local login). You can reduce the number of password requests displayed on the screen by enabling Passthrough Authentication: https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Passthrough_Authentication.html
This way, verify screen can be skipped.

Thank you! It seems we already had this enabled.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>OIDCProvider</key>
    <string>EntraID</string>
    <key>OIDCNewPassword</key>
    <false/>
    <key>OIDCUsePassthroughAuth</key>
    <true/>
    <key>OIDCClientID</key>
    <string>XXXXXXXXXXXXXXXX</string>
    <key>OIDCROPGID</key>
    <string>XXXXXXXXXXXXXXXXX</string>
    <key>OIDCRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
    <key>OIDCTenant</key>
    <string>XXXXXXXXXXXXXXXX</string>
    <key>CreateJamfConnectPassword</key>
    <true/>
    <key>LocalFallback</key>
    <true/>
    <key>DenyLocal</key>
    <true/>
    <key>Migrate</key>
    <true/>
    <key>MigrateUsersHide</key>
    <array>
      <string>jadmin</string>
      <string>lokadmin</string>
    </array>
    <key>AllowNetworkSelection</key>
    <true/>
    <key>ROPGProvider</key>
    <string>Azure_v2</string>
    <key>ROPGTenant</key>
    <string>XXXXXXXXXXXXXXX</string>
    <key>ROPGRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
    <key>CreateNewUserHide</key>
    <true/>
    <key>ChangePasswordURL</key>
    <string>https://mysignins.microsoft.com/security-info/password/change</string>
  </dict>
</plist>

We experience exactly the same phenomenon, but only when connected to our internal network. If we're outside (working remotely, for example), we don't have password verification.
The settings are correct, however, according to the documentation.

I might have found a solution. I created an entirely new Jamf Connect Login plist, scoped it to my computer, and excluded my machine from the old plist. After doing that, the "Verify V2_password" prompt disappeared.

I’m planning to test this on a few more machines before rolling it out more broadly, but it could be worth trying on your end as well.

By the way, do you happen to use Meraki and GlobalProtect?

Neither.
What change did you make?

<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCNewPassword</key>
<false/>