Hello,
I have already verified the join status.
Came across some info that indicates a new user cannot log in on a hybrid joined Windows 10 (without line of sight to local DC), as its primary source of authentication is the local domain controller. Needs to be AAD joined only. Too bad MS hasn't emphasized this (or I have missed it), would've saved me quite some time.
https://oofhours.com/2020/05/23/digging-into-hybrid-azure-ad-join/