Attempting to assign a Host Integrity Compliance Policy to Device Group in the Symantec Endpoint Security console requires entering a one-time PIN that is sent to the registered email address of the user assigning the policy.

The email with the PIN is never received by the user. Reviewing the users email junk folder and / or the email spam filters, doesn't show any blocked emails from Symantec Integrated Cyber Defense Manager 

Symantec Endpoint Security

The registered user email address has exceeded the SaaS Platform Service bounce count. 

Contact Broadcom support to request a reset of the  "bounce count" for the users Symantec Endpoint Security registered email address.