User adding o365 email to iphone-duo push login expired

I have a user unable to add his 0365 email to his iphone 12. we go through the necessary steps to add account, user signs in, receives duo push, immediately receives error message that the login expired. There is no wait between push being sent to the time its accepted. Due to the security policy, we cannot keep users on bypass for more than a day at a time so putting him on bypass will not fix. The history log shows the push was approved, but o365 says the the secondary auth was not satisfied. Any help would be appreciated.