It's also possible your tenant admin updated Conditional Access rules for some locations or applications. Or maybe they screwed up the Hybrid AAD sync from the on-premise DC. As I've been trying to point out elsewhere, tenant admins have a much higher influence on these outcomes than people are willing to admit, and there are a lot of admins out there who can't be arsed to keep up. I've made some of those mistakes myself.