We have seen this error code when multi-factor authentication (MFA) is Enforced. It prevents the Configuration Manager client agent from enrolling the device by using the logged-in user credentials.
Please try one of the following methods to see if it persists:
• Set MFA to Enabled but not Enforced. For more information, see Set up multi-factor authentication.
• Temporarily disable MFA during enrollment in Trusted IPs.
Please also note that there is a difference between having MFA Enabled and Enforced. For more information about the difference, see Azure AD Multi-Factor Authentication user states. This scenario works by having MFA Enabled but not having MFA Enforced.