Hi, @Ronald Seow
Thank you for posting in Microsoft Q&A forum.
I checked the event id 4625 from the documentation, it says this event generates on domain controllers, member servers, and workstations.
And do you mean it only registered a failed login attempt with the Event ID 4625 and Logon Type 3 on SCCM Security Logs, but registered a successful login on that device and DC? It's really strange, it looks like have something to do with SCCM but the behavior seems unreasonable.
You may try to send a frown from SCCM console about this issue:
In the upper right corner of the console, select the smiley face icon. Then select "Send a frown".
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.