Im getting the same error. However, it works for all Corporate devices which goes through Apple Business Manager or Knox.
Hey, I am facing same issue. Were you able to fix it ?
I resolved this for an environment by enabling Custom Attributes in UEM. Which then populated email values for all users synced from the on-prem AD. I assumed this was required so that Access could then pass this info to UEM for the device enrollment to succeed.
I had an issue with one account where we were getting 'Enrolment message rejected by server' when trying to enroll a device. It turns out the AD account had been created and synced through to WS1 without a last name and email address. These were added to AD later but hadn't synced through. Once I updated those fields enrolment worked fine.
Were you able to fix your issue?