If you’re trying to use the Windows Defender Advanced Threat Protection through the API or through PowerBI and get an AADSTS50131 error, you’ll probably check your sign in logs to see if you’re being blocked by conditional access. If there’s nothing there, as I had the joy of discovering (tsk Microsoft, you really should log this) then check your classic policies and disable if present (old anyway):

Hi – just discovered the same problem. Are you sure this policy can simply be deleted? It was obviously put there for a reason and was requiring “Known” devices (whatever that means). If it’s important then I’d prefer to replace it with an equivalent modern policy.