Active Directory users with a unique user principal name (UPN) that you changed to match their email address can use the old UPN to log in without MFA. Users must still type their user name and password.
This issue only occurs when the user logs in with the old UPN. When the user logs in with the updated UPN, MFA is required.
This issue is not related to the agent for Windows and occurs whether or not the agent for Windows is installed. Users affected by this issue can successfully log in to their computers.