SOLVED

Can't AAD join Windows 10 "Administrator policy does not allow user...to device join" error 801c03ed


Hi,

We can join the same Windows 10 devices to AAD with some of our IT users, but for newer IT users it fails with the error in the subject. This is in OOBE and when adding an existing Windows 10 laptop. The devices are fine and meet the requirements etc., but there is a problem with the users. I don't know what policy is causing this.

 

The enrollment device restrictions should not be stopping this as some of the users haven't enrolled anyone yet (so no problem with the device limit) and also the device type allowed them to enroll Windows 10. 

 

The users have also been added as device enrollment managers in endpoint manager.

 

Thanks,

Nigel

5 Replies

@Nigel-A 

 

I have the same problem with Autopilot, but also when trying to register it via desktop (add work account). The user was part of the Allowed users for MAM and MDM and has an EMS E3 licence, Office 365 and Windows 10.

Tic_Patrick_0-1612273061444.png

 

@Tic_Patrick Yes, that's the error. I have users that can join the same devices (my test laptop) but not these other users. Still trying to get it working!

 

Nigel

best response confirmed by Nigel-A (New Contributor)
Solution

@Nigel-A 

 

I found my issue. This setting was set to None because other people played with the settings in Intune... I thought that by default it's set to ALL.

Tic_Patrick_0-1612293584548.png

 

You should also check MAM and MEM and see what's set up there.

 

Tic_Patrick_1-1612293723004.png

 

If it's set to ALL, then all users go into the scope; if Some, then check which user groups.

Also:

- check if the users are in the correct groups
- check licences
- check how many devices a user can enroll

 

I'm also quite a newbie and I just started playing with Intune. Tell me if the rest of the settings are ok.

 

Cheers!