Confirm that there is an Access Node which contains a valid subnet for the system where the user is authenticating from:
Confirm that the authenticating user is a direct or indirect (via group membership) member of the Access Node:
For more information on Access Node configuration, please refer to Knowledge Article
45588,
Defender Access Node Configuration.