1. Verify Device Enrollment Status in Azure AD or Intune
- Go to Azure Portal
- Navigate to Azure Active Directory β Devices
- Search for your device name
- If already listed, remove it before re-attempting enrollment
2. Check MDM Enrollment Restrictions
- In the Microsoft Endpoint Manager admin centre, go to:
- Devices β Enrollment β Enrollment Restrictions
- Ensure your device type (Windows) is allowed
- Check limits per user and increase if necessary
3. Unenroll Device via Registry (Advanced)
Warning: Be cautious when editing the registry.
- Press Win + R, type regedit, and press Enter
- Navigate to:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
- and
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\Status
- Delete any subkeys related to previous MDM enrollments
- Restart your computer and try enrolling again
4. Use Work or School Account Correctly
- Go to Settings β Accounts β Access work or school
- Remove any old or inactive accounts
- Click + Connect, and add your organisation's work or school account properly
- Ensure correct credentials and MFA settings are used
5. Confirm User Has Enrollment Permissions
- Ensure the user account is part of an AAD group with enrollment permissions
- In Intune, confirm the user is within a group allowed to register devices
- Check if device enrollment is limited per user (default is 5 devices)
6. Try Clean Re-Enrollment
If the device was previously managed:
- Factory reset the device (Settings β Recovery β Reset this PC)
- Remove device record from Azure AD and Intune
- Re-attempt enrollment using correct work credentials
7. Check Conditional Access or Compliance Policies
- In Azure AD β Conditional Access, ensure no policies are blocking the user/device
- Review device compliance rules under Endpoint Manager β Devices β Compliance policies.
8. Run Windows Troubleshooter (Optional)
- Go to Settings β System β Troubleshoot β Other troubleshooters
- Run the Account, Network, or Device enrollment troubleshooters