Troubleshooting Windows device enrollment problems in Microsoft Intune

Before you start troubleshooting, it’s important to collect some basic information. This information can help you better understand the problem and reduce the time to find a resolution.

For example, any time that you encounter a Windows device enrollment problem, check the following first:

• Is a valid Intune license assigned to the user?
  
  Before users can enroll their devices, they must have the necessary license assigned.
• Is the latest update installed on the Windows device?
  
  Some features in Intune only work with the latest version of Windows, and there are many fixes for known issues available through Windows Update. Applying all the latest updates often fix a Windows device enrollment problem.

Additionally, collect the following information about the problem:

• What is the exact error message?
• Where do you receive the error message?
• When did the problem start? Has enrollment ever worked? 
• How many users are affected? Are all users affected or just some?
• How many devices are affected? Are all devices affected or just some?
• What is the MDM authority? If it's System Center Configuration Manager, what version of Configuration Manager are you using?
• How is enrollment being performed?

Now let's start troubleshooting based on the answers to these questions. 

Select your problem:

Symptom

When you try to enroll a Windows 10 computer, you receive one of the following error messages:

• This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code (0x801c0003).

• Something went wrong.
  This user is not authorized to enroll. You can try to do this again or contact your system administrator with error code 80180003.

Cause

This issue occurs if the user has already enrolled maximum number of devices allowed in Intune.

Resolution

To fix this issue, use one of the following methods:

• Method 1: Remove devices that were enrolled
  
  To do this, follow these steps:
  1. Sign in to the Azure Intune portal.
  2. Go to Users > All Users.
  3. Select the affected user account, and then click Devices.
  4. Select any unused or unwanted devices, and then click Delete.
• Method 2: Increase the device enrollment limit
  
  Note This method increases the device enrollment limit for all users, not just the affected user.
  
  To do this, follow these steps:
  1. Sign in to the Azure Intune portal.
  2. Go to Device Enrollment > Enrollment Restrictions, and then select Device Limit Restrictions.
  3. Increase the value of Device Limit.

Resolution

To fix this issue, follow these steps:

1. Sign in to the Intune Azure Portal with a global administrator account.
2. Go to Device Enrollment > Enrollment Restrictions, and then select the Default restriction under Device Type Restrictions.
3. Select Platforms, and then select Allow for Windows (MDM).
   
   IMPORTANT: If the current setting is already Allow, change it to Block, save the setting, and then change it back to Allow and save the setting again. This resets the enrollment setting.
4. Wait for approximately 15 minutes, and then enroll the affected device again.

Cause

This issue occurs if the computer is running Windows 10 Home. Enrolling in Intune or joining Azure AD is only supported on Windows 10 Pro and higher editions.

Resolution

To fix this issue, upgrade Windows 10 Home to Windows 10 Pro or a higher edition. 

Symptom

When you try to enroll a Windows 10 computer, you receive the following error message:

Cause

This issue occurs if the Users may join devices to Azure AD setting is set to None. This prevents new users from joining their devices to Azure AD. Therefore Intune enrollment fails.

Resolution

To fix this issue, follow these steps:

1. Sign in to the Azure portal as administrator.
2. Go to Azure Active Directory > Devices > Device Settings.
3. Set Users may join devices to Azure AD to All.
4. Enroll the device again.
    

Symptom

When you try to enroll a Windows 10 computer, you receive the following error message:

Cause

This issue occurs if a different user has already enrolled the device in Intune or joined the device to Azure AD.

To determine whether this is the case, go to Settings > Accounts > Work Access, then look for a message that's similar to the following:

Resolution

To fix this issue, follow these steps:

1. Sign out of Windows, then sign in by using the other account that has enrolled or joined the device.
2. Go to Settings > Accounts > Work Access, then remove the work or school account.
3. Sign out of Windows, then sign in by using your account.
4. Enroll the device in Intune or join the device to Azure AD.

Cause

This issue occurs if the Configuration Manager client agent is installed on the computer.

Resolution

To fix this issue, remove the Configuration Manager client, and then enroll the device again. 

Symptom

When you try to enroll a Windows Phone, you receive the following error message:

Cause

This issue occurs if the user who tries to enroll the device doesn't have a valid Intune license.

Resolution

To fix this issue, assign a valid Intune license to the user, and then enroll the device.

Symptom

When you try to enroll a Windows 10 computer in Intune or join it to Azure AD, you receive the following error message:

Cause

This issue occurs if you use both Mobile Device Management (MDM) for Office 365 and Intune on the tenant, and the user who tries to enroll the device doesn't have a valid Intune license or an Office 365 license. 

Resolution

To fix this issue, go to the Office 365 Admin Center, and then assign either an Intune or an Office 365 license to the user.

Cause

This issue occurs if the MDM terms and conditions in Azure AD is blank or doesn't contain the correct URL.

Resolution

To fix this issue, follow these steps:

1. Sign in to the Azure portal, and then select Azure Active Directory.
2. Select Mobility (MDM and MAM), and then click Microsoft Intune.
3. Select Restore default MDM URLs, verify that the MDM terms of use URL is set to https://portal.manage.microsoft.com/TermsofUse.aspx.
4. Click Save.

Symptom

When you try to join a Windows 10 computer to Azure AD, you receive the following error message:

Cause

This issue occurs when both of the following conditions are true:

• MDM automatic enrollment is enabled in Azure.
• Either the Intune PC client (Intune PC agent) or the Configuration Manager client agent is installed on the Windows 10 computer.

Resolution

To fix this issue, use one of the following methods:

• Disable MDM automatic enrollment in Azure.
  
  To do this, follow these steps:
  1. Sign in to the Azure portal.
  2. Go to Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune.
  3. Set MDM User scope to None, and then click Save.
• Uninstall the Intune PC client or Configuration Manager client agent from the computer.

Symptom

When you try to install the Intune client software on Windows PCs, you receive the following error message:

Cause

This issue occurs if the client software is out of date.

Resolution

To fix this issue, follow these steps:

1. Sign in to https://admin.manage.microsoft.com.
2. Go to Admin > Client Software Download, and then click Download Client Software.
3. Save the installation package, and then install the client software.

Symptom

When you try to enroll a Windows computer by installing the Intune PC client software, you receive the following error message:

Cause

This issue occurs if the client software is out of date.

Resolution

To fix this issue, follow these steps:

1. Sign in to https://admin.manage.microsoft.com.
2. Go to Admin > Client Software Download, and then click Download Client Software.
3. Save the installation package, and then install the client software.

Symptom

When you try to enroll a Windows 10 device, you receive the following error message:

Cause

This issue occurs if Windows MDM enrollment is disabled in your Intune tenant.

Resolution

To fix this issue in a stand-alone Intune environment, follow these steps:

1. Sign in to the Azure portal as administrator.
2. Select Intune on the left, and then go to Device enrollment > Enrollment restrictions.
3. In Device Type Restrictions, click Platforms, and then select Allow for Windows (MDM).
4. Click Save.

To fix this issue in hybrid MDM with Intune and Configuration Manager, follow these steps:

1. Open the Configuration Manager console.
2. Select Administration, and then select Cloud Services.
3. Right-click Microsoft Intune Subscription, and then select Configure Platforms > Windows.
4. Check Enable Windows Enrollment, click Apply, and then click OK.

Symptom

When you bulk enroll Windows devices by following Bulk enrollment for Windows devices, you receive the following error message during the Enrolls the device in management step:

Cause

This issue occurs if the Azure AD user accounts in the account package (Package_GUID) for the respective provisioning package aren't allowed to join devices to Azure AD. These Azure AD accounts are automatically created when you set up a provisioning package with Windows Configuration Designer (WCD) or the Set up School PCs app, and these accounts are then used to join the devices to Azure AD.

Resolution

To fix this issue, follow these steps:

1. Sign in to the Azure portal as administrator.
2. Go to Azure Active Directory > Devices > Device Settings.
3. Set Users may join devices to Azure AD to All or Selected.
   
   If you choose Selected, click Selected, and then click Add Members to add all users who can join their devices to Azure AD. Make sure that all Azure AD accounts for the provisioning package are added. 

For more information about how to create a provisioning package for Windows Configuration Designer, see Create a provisioning package for Windows 10.

For more information about the Set up School PCs app, see Use the Set up School PCs app.

Congratulations! Your Intune enrollment problem is fixed.

If you’re still looking for a solution to another Windows enrollment problem, or you’re looking for more information about Intune, post a question in our Microsoft Intune forum here. Many support engineers, MVPs and members of our development team frequent the forums. So, there’s a good chance that you can find someone with the information you need.

For more information about the enrollment of Windows devices in Microsoft Intune, see the following:

• Enroll Windows devices – This article contains information for all aspects of Windows enrollment, including how to enable automatic MDM enrollment, CNAME registration, bulk enrollment of devices, and more.
• Enroll your Windows 10 devices in Intune – This article describes the end-user steps and experience for enrolling a Windows computer in Microsoft Intune.

For all the latest news, information and tech tips, visit our official Intune blogs:

• The Microsoft Intune Support Team Blog
• The Microsoft Enterprise Mobility and Security Blog

Still searching for a solution to a Windows enrollment problem? Post a question in our Microsoft Intune forum here. Many of our support engineers, MVPs and members of our development team frequent the forums, so there’s a good chance you’ll find someone there with the information you’re after.

If all else fails and you want to open a support request with the Microsoft Intune product support team, you can find information on how to do that here:

How to get support for Microsoft Intune

If you’d like more information regarding the enrollment of Windows devices in Microsoft Intune, please see the following documentation:

• Enroll Windows devices – This article contains information for all aspects of Windows enrollment, including how to enable automatic MDM enrollment, CNAME registration, bulk enrollment of devices, and more.
• Enroll your Windows 10 devices in Intune – This article describes the end user steps and experience for enrolling a Windows computer in Microsoft Intune.

For all the latest news, information and tech tips on Microsoft Intune as well as all of our other Enterprise Mobility and Security offerings, please visit our Microsoft Enterprise Mobility and Security Blog.

Symptom

When you try to enroll a Windows 10 computer, you receive the following error message:

Resolution

To fix this issue, follow these steps:

1. Sign in to the Intune Azure Portal with a global administrator account.
2. Go to Device Enrollment > Enrollment Restrictions, and then select the Default restriction under Device Type Restrictions.
3. Select Platforms, and then select Allow for Windows (MDM).
   
   IMPORTANT: If the current setting is already Allow, change it to Block, save the setting, and then change it back to Allow and save the setting again. This resets the enrollment setting.
4. Wait for approximately 15 minutes, and then enroll the affected device again.