After you apply security update 3065822 or a later cumulative update for Internet Explorer 11, the cross-site-scripting (XSS) filter may prevent submission of token content that's required in order to perform Active Directory Authentication Library (ADAL) authentication. For example, users may report the display of a hash ("#") symbol on the webpage when they try to access Office 365.
To fix this issue, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update. Additionally, see the technical information about the most recent cumulative security update for Internet Explorer.
Note This update was first included in the MS16-023: Security update for Internet Explorer: March 8, 2016.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.