Bypassing MFA
Since the engagement is an external pentest, there usually isn't any social engineering or interaction with users available to bypass MFA. This leaves us limited in our attack options.
MFASweep and ropci are great tools to bypass MFA. Exchange Web Services (EWS) can be used instead of Outlook to authenticate to O365 by using MailSniper.

MailSniper will then parse through the emails, hunting for passwords.
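
On the defensive side, the gap described above (a protocol such as EWS accepting a password alone while other clients require MFA) is visible in sign-in logs. The following is an added example, not part of the original page or of MFASweep, ropci or MailSniper: it assumes events exported with Microsoft Graph `signIn` field names, and the sample records, users, IPs and the `ev`/`find_mfa_gaps` helpers are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MFA, SFA = "multiFactorAuthentication", "singleFactorAuthentication"

def ev(t, user, ip, client, req, code):
    """Build one constructed event using Microsoft Graph signIn field names."""
    return {"createdDateTime": t, "userPrincipalName": user, "ipAddress": ip,
            "clientAppUsed": client, "authenticationRequirement": req,
            "status": {"errorCode": code}}

# Constructed sample data: hypothetical users, documentation-range IPs.
# errorCode 0 = success; 50076 = sign-in interrupted because MFA is required.
SAMPLE = [
    ev("2024-05-01T09:00:00Z", "alice@example.com", "198.51.100.7", "Browser", MFA, 0),
    ev("2024-05-01T13:00:05Z", "bob@example.com", "203.0.113.9", "Browser", MFA, 50076),
    ev("2024-05-01T13:00:09Z", "bob@example.com", "203.0.113.9",
       "Mobile Apps and Desktop clients", MFA, 50076),
    ev("2024-05-01T13:00:14Z", "bob@example.com", "203.0.113.9", "Exchange ActiveSync", MFA, 50076),
    ev("2024-05-01T13:00:20Z", "bob@example.com", "203.0.113.9", "Exchange Web Services", SFA, 0),
]

def find_mfa_gaps(events, window=timedelta(minutes=10), min_clients=3):
    """Flag single-factor successes that come after the same source IP tried
    several client apps for the same user inside `window`."""
    by_key = defaultdict(list)
    for e in events:
        t = datetime.fromisoformat(e["createdDateTime"].replace("Z", "+00:00"))
        by_key[(e["userPrincipalName"].lower(), e["ipAddress"])].append((t, e))
    findings = []
    for (user, ip), rows in by_key.items():
        rows.sort(key=lambda r: r[0])
        for t, e in rows:
            succeeded = e["status"]["errorCode"] == 0
            if not (succeeded and e["authenticationRequirement"] == SFA):
                continue
            # Distinct client apps this IP used for this user just before the success.
            recent = {r["clientAppUsed"] for rt, r in rows if t - window <= rt <= t}
            if len(recent) >= min_clients:
                findings.append({"user": user, "ip": ip,
                                 "gap_client": e["clientAppUsed"],
                                 "clients_probed": sorted(recent)})
    return findings

if __name__ == "__main__":
    for finding in find_mfa_gaps(SAMPLE):
        print(finding)
```

Each finding names the client app that accepted a single factor, which is the protocol to bring under the same MFA requirement as the others or to disable.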
