This article explains why the following error occurs when a user attempts to sign in to Office 365.

Unable to meet the authentication requirements imposed by 'acr_values' parameter.

• Office 365 (O365)
• Azure Conditional Access Policy
• Multi-Factor Authentication (MFA)

This behavior occurs when an Azure conditional access policy requires Multi-Factor Authentication (MFA) and the user is unable to enroll in additional authenticators due to the Okta authenticator enrollment policies. 

NOTE:

• Admin accounts in O365 will be forced to complete MFA when connecting to O365 admin resources, irrespective of the conditional access policy configurations. For more information on this change, please review Microsoft documentation: Planning for mandatory multifactor authentication for Azure and other admin portals
• When the Okta Application Sign On Policy (ASOP) is configured for password only for a user and the O365 Conditional Access Policy requires MFA, Okta will still prompt for MFA. Recommendation is to ensure all policies, excluding legacy authentication, prompt for secure authenticators.

Review the Okta authenticator enrollment policies to ensure the user or admin is being applied a policy that allows the enrollment of additional factors other than password.