Hybrid Domain Joined: 1 out of 200 users is not enrolling in Intune

Hi Folks,
I need your advice regarding one user who cannot enroll in Intune.
Hybrid Domain Joined: 1 out of 200 users is not enrolling in Intune. It is due to
AzureADPRT: no and
isUserAzureAD: no
in the dsregcmd /status output. Tenant Name and MDMUrl are empty. I found out as well that some users, by default, can log in via their Microsoft account or domain account on Windows without VPN,
whereas with this user you can't: you need to have VPN in order to log in from the domain account to the Microsoft account, or vice versa, on Windows when switching users.
This user changed from UPN2 to UPN1 a year ago. I can confirm that on AAD and AD they are matched. The license is there. I tried rejoining the devices to Azure AD and doing hybrid.
When I do this, I make sure that before I push the enrollment script, the device is already set to Hybrid in Azure AD; if not, I force it via dsregcmd /join and wait for sync.
I've tried using another test device with the account and it has the same issue.
Can you advise what logs I should get aside from these things?
The MDM error is just Credential Error (0x0).
I believe this problem is in Azure AD or the account, not in Intune.
Replied by Seenivasan Balaji

Raise a case with MS, as your PRT token issue should be resolved.

Replied by Jstn GZ

Under the AAD event viewer:
0xCAA90022 check ADFS setting
WS-Trust 1.3

Checking if relevant or not
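To collect the evidence the thread is asking about in one place, here is an added example script (not from the original post or either reply) that summarises the dsregcmd /status fields the poster lists (AzureAdPrt, IsUserAzureAD, TenantName, MdmUrl), pulls recent errors from the Microsoft-Windows-AAD/Operational event log where codes such as the 0xCAA90022 mentioned in the last reply surface, and optionally gathers an MDM diagnostics cab. It assumes it is run on the affected device in the affected user's session; the output path and the lookback window are arbitrary choices.

```powershell
# Added example: collect PRT / hybrid-join evidence for one failing enrollment.
# Assumptions: run as the affected user on the affected Windows device;
# dsregcmd prints "Name : Value" lines, which is parsed generically below.

function Get-DsregStatus {
    # Turn the dsregcmd /status text into a hashtable of Name -> Value.
    # Section headers and separator lines contain no ':' and are skipped.
    $fields = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    return $fields
}

function Show-JoinSummary {
    param([hashtable]$Status)
    # The fields the original poster reports as NO / empty, plus a few that
    # explain them (join state, which account is running, last PRT refresh).
    $keys = 'AzureAdJoined', 'DomainJoined', 'TenantName', 'MdmUrl',
            'Executing Account Name', 'IsUserAzureAD', 'AzureAdPrt',
            'AzureAdPrtUpdateTime', 'AzureAdPrtAuthority'
    foreach ($k in $keys) {
        $v = if ($Status.ContainsKey($k)) { $Status[$k] } else { '<not present>' }
        '{0,-24} : {1}' -f $k, $v
    }
}

function Get-AadOperationalErrors {
    param([int]$Hours = 24)
    # Microsoft-Windows-AAD/Operational records PRT acquisition attempts;
    # federation / WS-Trust failures appear here with 0xCAA9xxxx codes.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-AAD/Operational'
        Level     = 2                      # 2 = Error
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'FirstLine'; Expression = { ($_.Message -split "`n")[0] } }
}

# --- usage ---------------------------------------------------------------
$status = Get-DsregStatus
Show-JoinSummary -Status $status

# Quick verdict on the two values the poster sees as NO.
if ($status['AzureAdPrt'] -ne 'YES' -or $status['IsUserAzureAD'] -ne 'YES') {
    Write-Warning 'No PRT for this user: check the AAD operational log below.'
}

Get-AadOperationalErrors -Hours 48 | Format-Table -AutoSize

# Optional: bundle enrollment diagnostics for a support case
# (output folder is an arbitrary choice for this example).
$cab = Join-Path $env:TEMP 'mdm-enrollment-diag.cab'
mdmdiagnosticstool.exe -area 'DeviceEnrollment;DeviceProvisioning' -cab $cab
"Diagnostics cab written to $cab"
```

Run it once over VPN and once off VPN in the affected user's session and compare the two summaries; a PRT that only appears with VPN points at the authentication path (federation or WS-Trust reachability) rather than at Intune, which matches the poster's own suspicion.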

