Due to your environment is about managed device with SSO enabled, it is a complicated environment, I suggest you open a service request with Microsoft to get more remotely help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.