I was trying to admin an Office 365 E3 tenant from my home office. I followed the instructions here and here. The first link is the installation of the various modules that you'll need, and the second is the set of steps to import those modules and connect to the O365 tenant.
When I tried the Connect-SPOService cmdlet I received the following error:
Research showed that other users encountered this error after following instructions as well. Depending on the ISP, the users would get the "DTD is prohibited..." error. The culplrit is a feature of the ISP's that intercepts unresolved DNS requests and routes them to a web search that is part of the ISP's service offering. The blogs showed that Virgin users experienced this, but I couldn't find if it was the case for my provider in USA, which is Verizon FIOS.
Verizon calls this feature "DNS Assist". That's what was causing me to come up empty while searching for other suggested terms like "Error redirect". You can opt out of this service, but it's not as easy as checking a box. You have to login in to your home router and modify the DNS server settings there. The magic happens when you change the last octet of the Primary and Secondary DNS servers from .12 to .14. This routes DNS requests to a set of servers that do not intercept failed DNS names. It was that interception that was hijacking O365's authentication mechanism.
Full detail can be found on the FIOS articles: Opting Out of DNS Assistance. You have to find your router and click on the link for the specific instructions there.
After modifying the settings the article suggested I restart my computer. I didn't have to do that; the cmdlet worked fine.