The error in question is expected if the end-user that is associated with the credentials being exchanged did not complete the enrollment before the exchange is started. This point is listed in the pre-requisites section of the documentation you linked to.
From you description it is not clear if you already ensured that the end-user completed enrollment before and you’re still experiencing an issue or if you just enabled the requirement for MFA and proceeded to do the resource owner password credentials grant. If you’re in the second situation then completing enrollment through an interactive flow (hosted login page) should resolve the issue; if on the other hand the end-user has an enrollment already if you can update the question with the series of steps required to reproduce the issue and a summary of the configuration you have then that would be great.