How to stop Office Apps from Prompting for Windows credentials when opening documents from a SharePoint Server Subscription Edition web application that uses SSO only for authentication
The SharePoint Server Subscription Edition (SPSE) Web Application uses only Windows authentication in its Default zone. It uses only a Trusted Identity Provider (Azure AD SSO) in its Internet zone.
Users access the web application through the Internet zone URL and log in with their SSO credentials. There are no issues accessing the SharePoint web application.
When trying to open documents stored in the SharePoint site (Shared Documents library for example) with Word or Excel, the Word application is launched, and it prompts for Windows credentials. Entering credentials obviously doesn’t work and it keeps prompting.
When the Windows credentials prompt is cancelled, Word displays
And the document fails to open.
This configuration (SharePoint web application with SSO) and Office Apps do work correctly some of the time. When it does, after cancelling the Windows credentials prompt, Word may display
If Word/File/Options/Trust Center/Trust Center Settings/Form-Based Sign-in/Sign-in Prompt Behavior is set to “Ask me what to do for each host”, the next time you try to open the document from the SharePoint site, Word may display
If Yes is clicked, then Word displays the SSO dialog and the document opens as expected. Alternatively to the above, Word may instead display
And as before, if you click “Yes”, Word displays the SSO dialog and the document opens as expected.
From this point on, documents open as expected from the start and no more Windows credentials prompts are received.
Until some undefined period of time or an undetermined event happens when Office Apps start prompting for Windows credentials again when opening documents from the SharePoint Server site.
Cancelling the credentials prompts results in
And the SSO dialog is not displayed ever again and documents fail to open.
Sometimes it is possible to reestablish the authentication flow described above by:
1. Closing all Office Applications
2. Making sure there are no Office applications running in the background by using Task Manager
3. Using Credential Manager to remove all credentials related to Office and SSO
Then trying to open the document again. But, this does not always work and working with documents becomes impossible.
Are there Office configuration settings that can proactively and permanently prevent this issue?
Are there SharePoint server configuration settings that can proactively and permanently prevent this issue?
Is there an Office cache that can be deleted when this issue appears?
I hope someone out there has been able to resolve this issue definitively. It is causing too many issues for us and our customers.