Can't AAD join Windows 10 "Administrator policy does not allow device join" error 801c03ed



We can join the same Windows 10 devices to AAD with some of our IT users, but for newer IT users it fails with the error in the subject. This is OOBE and adding an existing Windows 10 laptop. The devices are fine and meet the requirements etc., but there is a problem with the users. I don't know what policy is causing this.


The enrollment device restrictions should not be stopping this as some of the users haven't enrolled anyone yet (so no problem with the device limit) and also the device type allowed them to enroll Windows 10. 


The users have also been added as device enrollment managers in Endpoint Manager.




11 Replies



I have the same problem with Autopilot, but also when trying to register it via the desktop (add work account). The user was part of the allowed users for MAM and MDM, and has EMS E3 licence, Office 365 and Windows 10.



@Tic_Patrick yes that's the error. I have users that can join the same devices (my test laptop) but not these other users. Still trying to get it working!



best response confirmed by Nigel-A (New Contributor)



I found my issue. This setting was set to None because other people played with the settings in Intune... I thought that by default it's set to ALL.



You should also check MAM and MEM and see what's set up there.




If it's set to ALL, then all users go into the scope; if Some, then check which user groups.

Also:

- check if the users are in the correct groups
- check licences
- check how many devices a user can enroll


I'm also quite a newbie and I just started playing with Intune. Tell me if the rest of the settings are ok.




@Tic_Patrick Mine is set to 6 users individually now who have the permissions to join the device to Azure AD. Should I add the group that the users will be enrolling with their names?


Here is my error



Good morning, please, does the user have to get an EMS licence to join his device to AAD?

Thanks in advance