it depends if the account is synchronized from on-premises or not
- if it is synchronized than enable it in AD users&computers or use powershel 'enable-adaccount' and the status will synchronize to AAD
- if it is not synchronized than enable it in admin.microsoft.com via user Account tab >'Unblock sign-in' as shown in the following picture
or use powershell (AzureAD module)
'Set-AzureADUser -ObjectID email@example.com -AccountEnabled $true'
if you use risk based policies you additionaly need to first remediate the risk that blocked the user sign-in