I posted a question a couple months ago about this problem, but I just can't get the DHCP server to assign and address. I've setup a capture on the interface, and no traffic ever goes to the DHCP server. When I try to log in, I get an instant disconnect about not being to assign and IP. I've used the following two articles for guidance:

https://integratingit.wordpress.com/2022/02/06/asa-anyconnect-vpn-dhcp-address-assignment/

https://www.petenetlive.com/KB/Article/0001050

Here is the configuration, and as soon as I remove "address-pool VPN" from "tunnel-group MFA general-attributes", and address cannot be obtained. Under the group policy, I've tried to change "dhcp-network-scope 172.20.1.0" to "dhcp-network-scope 172.20.1.1" as I saw an article somewhere that said you couldn't use the start of a subnet, but this didn't help. Any thoughts? 

<config>

ip local pool VPN 10.10.192.10-10.10.199.255 mask 255.255.248.0

tunnel-group MFA type remote-access
tunnel-group MFA general-attributes
address-pool VPN
authentication-server-group ISE
default-group-policy GroupPolicy_MFA
dhcp-server 172.31.10.1
tunnel-group MFA webvpn-attributes
authentication saml
group-alias MFA enable
saml identity-provider https://sts.windows.net/11111a11-a1bc-12a3-a123-12a345bc6789/

group-policy GroupPolicy_MFA internal
group-policy GroupPolicy_MFA attributes
banner value ********************W A R N I N G******************
banner value THIS IS A PRIVATE COMPUTER SYSTEM.
banner value BLAH BLAH BLAH
banner value ***************************************************
dns-server value 172.31.10.1 172.31.10.2
dhcp-network-scope 172.20.1.0
vpn-simultaneous-logins 3
vpn-session-timeout 960
vpn-tunnel-protocol ssl-client
default-domain value domain.com
address-pools value VPN
webvpn
anyconnect modules value ampenabler,umbrella
anyconnect profiles value MFA type user
anyconnect profiles value amp type ampenabler
anyconnect profiles value umbrella type umbrella

</config>