Assume that your Microsoft Office 365 organization is federated and that it's enabled for modern authentication. Additionally, assume that you're using directory synchronization to sync on-premises Active Directory to Azure Active Directory (Azure AD).
In this environment, when a federated user tries to activate a Microsoft Office application, the user receives the following error message:
No credentials The system requires that you sign on to a valid account
This issue occurs if the ImmutableID attribute of the user is missing. When the federated identity platform sends the expected values of the user principal name (UPN) and the ImmutableID attribute, the ImmutableID attribute can't be verified in Azure AD because the property is empty. This causes the service to deny access. In this case, the service is Office.
Update the ImmutableID attribute of the user. However, be aware that you can't directly update the ImmutableID attribute of a federated user. Therefore, to resolve this issue, use one of the following methods: