Two Factor Authentication not ready for prime time
The online documentation is wrong (e.g. how to make a device trusted, and how to generate an App Password)
It isn't integrated with Google Authenticator even though other Microsoft websites are.
Outlook 2016 doesn't support two factor authentication. Having to get all users to generate an App specific password just to be able to use email would be a nightmare on rollout.
When you do generate an App Password, it generates a machine password, there is a large button called "Copy to clipboard" which unfortunately appears to work (closes the window) but doesn't copy the password.
According to microsoft tech support, if you set the number of "remember me days" higher than 14 it won't work - even though it allows a maximum of 60.
Onedrive for business shouldn't timeout after 14 days. Once you authenticate, it should stay authenticated. Instead your files will just stop syncing after 14 days.
Interesting you mention that. I have MFA enabled for all users in my O365 domain. Outlook 2016 works just fine for us, no app passwords needed. OneDrive has never stopped syncing. I wonder if you have a different issue?
also if you turn on MFA you can't connect via powershell to some environments such as sharepoint and exchange online. connecting to AAD does work.