Sudden authentication problem with logging into Domain clients

Question

Server 2022. Windows 11 clients. On prem domain.

We have always, for years, been able to give a user a laptop out of stock in the event the one he currently uses is broken or just out of warranty and have him login to the new laptop using his domain credentials. All in-stock laptops have been set up and joined to the domain.

Yesterday I gave a laptop to a user who's current one had died. He could not login and was met with the error:

"the sign in method you're trying to use isn't allowed."

I logged in using my administrator account, which had been used to join it to the domain, so my profile already existed. I added the user's domain account to the local administrators group on the laptop and logged out. They were subsequently able to login.

Now, and again, for years, they would just get a laptop out of stock and login, I would later on add them to the local admin group.

Has something changed recently? I have not changed any GPO's on the server side. I am a part time admin for this network (small company) so this can be a major headache. I don't want to go mucking around with the GPO's unless I am sure that is where the problem lies.

All users are admins on their laptops and it has been that way for 12 years, I don't wan to drag this question down that rat hole. The above scenario all took place in the office with a solid network.

My main question is, has something changed in past month or so that would have prevented the user from authenticating until added to the local Admin group?