1. Check If Device Is Already Enrolled:
- Go to Settings → Accounts → Access work or school and remove any existing work or school accounts. Restart the device and try enrolling again.
2. Clear Old MDM or Azure AD Join Settings:
- Open Command Prompt (Admin) and run:
dsregcmd /leave
- Then restart your device before retrying the Azure AD or MDM join.
3. Verify User Permissions in Azure AD:
- Log in to the Azure portal, navigate to Azure AD → Devices → Device Settings, and check if the user is allowed to join devices and hasn't exceeded the limit (default is 5).
4. Ensure Join Policy Is Enabled in Azure AD:
- In Azure AD, make sure “Users may join devices to Azure AD” is enabled for the user or group in question.
5. Delete Enrollment Registry Keys (Advanced):
- Open Registry Editor and delete stale keys from:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments\Status
- Note: Back up your registry before making changes.
6. Adjust Group Policy for MDM Enrollment:
- Open gpedit.msc and go to:
- Computer Configuration → Administrative Templates → Windows Components → MDM
- Set “Enable automatic MDM enrollment using default Azure AD credentials” to Not Configured or Enabled (depending on environment).
7. Resync with Azure AD:
- In Settings → Accounts → Access work or school, select the connected account, click Info, then click Sync to retry the join process.
8. Perform Manual Workplace Join:
- Open Settings → Accounts → Access work or school → Connect and choose Set up a work or school account to begin the registration manually.
9. Flush Registration Logs and Use Event Viewer:
- Check logs in Event Viewer → Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostics-Provider for specific errors.
10. Contact Microsoft or IT Administrator:
- If the issue remains unresolved, especially in enterprise setups, consult your IT administrator or Microsoft Support for deeper diagnostics and policy verification.
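
A read-only pre-check to run before the destructive steps (2 and 5), given here as an added example that is not part of the original page: it records the current join state, exports the Enrollments key as the backup step 5 calls for, lists the enrollment subkeys, and pulls recent errors from the log in step 9. It assumes an elevated PowerShell session; the output folder is a hypothetical choice, and the ProviderID and UPN value names are assumed to be present on the enrollment keys.

```powershell
# Added example: snapshot of enrollment state. Nothing here deletes or changes settings.
$outDir = Join-Path $env:TEMP 'enroll-precheck'   # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Current join state, parsed from the "Key : Value" lines of dsregcmd /status.
$state = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
'AzureAdJoined', 'DomainJoined', 'WorkplaceJoined', 'TenantName', 'DeviceId' |
    ForEach-Object { '{0,-16} {1}' -f $_, $state[$_] }

# 2. Export the Enrollments key before any manual deletion (step 5).
$backup = Join-Path $outDir ('Enrollments-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export 'HKLM\SOFTWARE\Microsoft\Enrollments' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; do not delete keys.' }
"Backup written to $backup"

# 3. Inventory the enrollment subkeys so stale entries can be told apart by owner.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        Key        = $_.PSChildName
        ProviderID = $p.ProviderID   # assumption: set on MDM enrollment keys, else empty
        UPN        = $p.UPN          # assumption: set on MDM enrollment keys, else empty
    }
} | Format-Table -AutoSize

# 4. Recent errors (Level 2) and warnings (Level 3) from the log named in step 9.
$log = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } -MaxEvents 20 `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

Keep the exported .reg file and the printed state with the ticket if the issue is escalated under step 10.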