Since Windows 11 24H2, the Client for OES fails to authenticate to eDirectory with third-party credentials.
If "Login With Third-Party Credential Provider" is "On" and "Client Logon" is "Off" at a Windows 11 Enterprise workstation that has been updated with LTSC 2024 and joined an Active Directory domain, then authentication to the domain is successful, but authentication to eDirectory fails. Manually logging in to eDirectory with the same username and password is successful.
This is due to Microsoft changing the EnableMPRNotifications policy with Windows 11 24H2. With this version, the policy must be explicitly enabled to allow winlogon to pass user credentials to the OES client provider in SSO mode.
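
Enabling the policy lets winlogon deliver logon credentials to registered network providers, so it is worth confirming the policy state and reviewing which provider DLLs are registered on the workstation. The PowerShell below is an added example, not part of the original article or the vendor's tooling; it assumes the standard Windows registry locations for this policy and for network-provider registration, and the function names are hypothetical.

```powershell
# Added example: report the EnableMPRNotifications policy state and list the
# registered network providers, with the signature status of each provider DLL.
# Registry paths are assumed to be the standard Windows locations.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$orderKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
$svcRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-MprNotificationState {
    # The value is absent when the policy has never been configured.
    $p = Get-ItemProperty -Path $policyKey -Name EnableMPRNotifications -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'NotConfigured' }
    if ($p.EnableMPRNotifications -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-RegisteredNetworkProvider {
    # ProviderOrder is a comma-separated list of service names.
    $order = (Get-ItemProperty -Path $orderKey -Name ProviderOrder).ProviderOrder
    $names = $order -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($name in $names) {
        $np  = Get-ItemProperty -Path "$svcRoot\$name\NetworkProvider" -ErrorAction SilentlyContinue
        $dll = if ($np.ProviderPath) { [Environment]::ExpandEnvironmentVariables($np.ProviderPath) }
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) { Get-AuthenticodeSignature -LiteralPath $dll }
        [pscustomobject]@{
            Provider  = $name
            Display   = $np.Name
            Dll       = $dll
            Signature = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer    = if ($sig) { $sig.SignerCertificate.Subject }
        }
    }
}

"EnableMPRNotifications: $(Get-MprNotificationState)"
Get-RegisteredNetworkProvider | Format-Table -AutoSize
```

A provider entry whose DLL is missing, unsigned, or signed by an unexpected publisher should be investigated before the policy is enabled on that machine.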