Resolving MFA Issues During Device Enrollment in Intune with WHFB

Hello Team,

Background

Would like to enquire about an issue that been happening lately. we are in the process of implementing WHFB for the employees using the Cloud Trust method. all workstation involved are hypred joined and everything seems fine. using the dsregcmd tool to check all prerequisite everything is running as expected and it state that it "willProvision" and the users are getting the prompt to set up the pin after they log in to the device.

Issue
During that prompt the user will use his MFA to log in and here where the users are getting weird error. after authentication using MFA, a new prompt "allow organization to manage your device" appear but it is not working as expected since the user cannot continue due to a UI issue. Its been happening to random users (even the one that are not in the scope of WHFB Group).

Troubleshooting
We have tried to check for any blockage happening from proxy or firewall with no luck, and it does not seem that it is happening because of this since we can fix it by restarting the workstation (sometimes it works, sometimes it doesn't). I have attached a pic of the UI issue, and have found the following error happen during the prompt

Error: 0x8AA5007C A suspending event for the AAD plugin was received.

Logged at WebUIControllerWebView.cpp, line: 692, method: WebUIControllerWebView::WebViewSuspensionEvents::OnSuspending.

Request: authority: https://login.microsoftonline.com/common, client: dd762716-544d-4aeb-a526-687b73838a22, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/dd762716-544d-4aeb-a526-687b73838a22, resource: urn:ms-drs:enterpriseregistration.windows.net, correlation ID (request): f8690460-0a24-4250-9626-408145837353

I have tried to search for this error, but none are having the same issue. Thank you in advance.