Modern Authentication is enabled at the tenant.
Enabled one user with MFA within Office 365
Without any additional Claim Rules MFA seemed to work for ADAL client (Outlook 2016)
Created App password and attempted to use it for legacy ActiveSync client.
Authentication does not succeed (instead user is prompted to fill in fields like server etc..)