it depends if the account is synchronized from on-premises or not
- if it is synchronized than enable it in AD users&computers or use powershel 'enable-adaccount' and the status will synchronize to AAD
https://learn.microsoft.com/en-us/powershell/module/activedirectory/enable-adaccount - if it is not synchronized than enable it in admin.microsoft.com via user Account tab >'Unblock sign-in' as shown in the following picture
or use powershell (AzureAD module)
'Set-AzureADUser -ObjectID fabricec@litwareinc.com -AccountEnabled $true'
https://learn.microsoft.com/en-us/microsoft-365/enterprise/block-user-accounts-with-microsoft-365-powershell#block-access-to-individual-user-accounts
if you use risk based policies you additionaly need to first remediate the risk that blocked the user sign-in
regards