Issue
We have seen the above error when a user does not have OneDrive provisioned. The Service account tries to do this during a migration task. The account has the appropiate permssions (SharePoint admin etc..). Servcie is able to login via browser. No MFA is configured and bypasses all MFA.
Cause
This can be caused if the tenant has the following Access Control policy setting in SharePoint Admin:
Access Control
Change the "Apps that don't use modern authentication" to Allow Access. OR the Set-SPOTenant -LegacyAuthProtocolsEnabled has been set.
More Info: https://learn.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps
This example enables legacy authentication protocols on the tenant. This can help to enable login in situations where the admin users get an error like "Cannot contact web site 'contoso-admin.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'.", and the underlying error is "Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically."
Resolution
Option 1 - Set the Options above to allow.
Option 2 - Pre-Provision users OneDriveAs Per MS KB https://learn.microsoft.com/en-us/sharepoint/pre-provision-accounts
1. Connect-SPOService -Url yourdomain-admin.sharepoint.com
2. #Copy users UPN to users.txt file
3. $users = Get-Content -path .\Users.txt
4. Request-SPOPersonalSite -UserEmails $users
Re-Run OneDrive Migration task(s)