Hi Imran,
I'm no expert, but does it provide any other information in the sign-in logs? If you're getting to this point it indicates the primary auth method has been successful, but you are failing on the secondary auth method (MFA) which would usually be logged in the sign-in logs - it may point you in the right direction there - could it be something blocked be CA potentially?
I have found the following link that may be of use, but I see you have already attempted some remediation steps: