Support tip: Unblock Windows “Set up for Work or School” enrollment
Published Jan 25 2022 01:01 PM 17.1K Views
Microsoft

Some customers run into issues during the out-of-box experience (OOBE) when enrolling Windows devices, specifically when the device is recognized as a personal device and the tenant does not allow for this device type. This scenario can occur during device setup when the user chooses Set up for work or school and then signs in with an organization-linked Azure Active Directory (Azure AD) account.

 

Windows 11 out-of-box-experience (OOBE) - How would you like to set up your device.Windows 11 out-of-box-experience (OOBE) - How would you like to set up your device.

 

Windows 11 out-of-box-experience (OOBE) - Let's set things up for your school.Windows 11 out-of-box-experience (OOBE) - Let's set things up for your school.

 

If you have personal device enrollment blocked for your tenant, this enrollment method will result in a failure. The associated error code you might see is 80180014.

 

To fix this, you can allow personal enrollment of Windows devices either for all users or for a subset of users you want to be allowed to enroll personal devices. We recommend limiting the number of users you allow to enroll personal windows devices to only the users who will need this capability. This will ensure that other users in your organization do not accidentally enroll their personal devices.

To allow personal device enrollment, sign-in to the Microsoft Endpoint Manager admin center and select Devices > Enroll devices > Enrollment device platform restrictions.

 

Microsoft Endpoint Manager admin center - Enrollment device platform restrictions for Windows devices.Microsoft Endpoint Manager admin center - Enrollment device platform restrictions for Windows devices.

 

Select Windows restrictions > Create restriction and give the restriction an informative name. On the Platform settings page, make sure to set Personally owned devices to Allow.

 

Microsoft Endpoint Manager admin center - Creating a new enrollment restriction for personally owned Windows devices.Microsoft Endpoint Manager admin center - Creating a new enrollment restriction for personally owned Windows devices.

 

Assign the restriction to the group(s) you want to let enroll personal devices.

 

Microsoft Endpoint Manager Enrollment admin center - Assigning a new enrollment restriction to an Azure AD group for personally owned Windows devices.Microsoft Endpoint Manager Enrollment admin center - Assigning a new enrollment restriction to an Azure AD group for personally owned Windows devices.

 

Review and create the restriction.

 

If you have any questions or comments, reply to this post or reach out to @IntuneSuppTeam on Twitter.

16 Comments
Co-Authors
Version history
Last update:
‎Feb 01 2022 11:24 AM
Updated by: