Microsoft requires a user without MFA to configure AADC this is how to create one
Due to Microsoft only partially supporting MFA for Azure AD connect cloud sync (required for AVD) an Azure AD (Active Directory) user with the global administrator role with MFA disabled is required for initial configuration. After this initial configuration is done (initial AVD deployment) then this user is no longer used by Azure AD connect or the MCIT platform. For reason security we do not save these credentials.
If your Azure tenant does not force MFA (multi factor authentication) , aka 2FA, then the below steps do not apply, you can supply any global admin for the Azure AD connect configuration.
Create a Temporary Azure AD User
If MFA is forced for your Azure tenant or for global admins, simply create a new user in Azure AD via: https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers
Make sure this new user has the roles "global administrator".
Change password and Confirm User does not require MFA
To check if the user is MFA required simply sign in to https://portal.azure.com
When you sign in the first time you will be asked to change the password. If you do not sign in at least once Azure AD connect setup will fail.
If after entering the username and password you are challenged for an SMS, phone call or authenticator code then MFA is enable and must be disabled temporarily. Note: If prompted to setup MFA you can skip this and it will not usually force you to enable it for 14 days. If the user is within the 14 day grace Azure AD Connect setup will still complete.
Delete the user if applicable
After the MCIT AVD deployment is complete and Azure AD connect is successfully syncing you can delete the temporary user you created (if you created one). You can do this from: https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers
Relate Article - Error in Active Directory Connect Cloud Sync: