Hello @Admin User
Thank you for your post.
On my humble opinion, I would suggest to review the following settings as seen below:
-Review any conditional policy access in place that can be filtering the user Location based , Legacy devices or OS and so on...
-Check if the end-user affected is being displayed under Sign-in Risky users blade
-Also, it is a good idea if you can double-check if OU attribute from the machine/device was on sync'd with AD Connect
Furthermore, the next articles below might help you to get more ideas where to isolate the issue and troubleshoot it so, see them:
I hope this can be helpful for you.
Looking forward to hear back from you.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.