If you are trying to connect your Windows 11/10 device to a work or school account using Azure Active Directory (AAD) and it doesn’t work, this article is for you. We earlier shared this guide to connect Windows 11 to AAD. Even after following that guide, one of my clients today still failed to connect the machine using an AAD account. In this case, he received the “Looks like we can’t connect to the URL for your organization’s MDM terms of use” message. In this article, we’ll see how you can fix it.

Looks like we can’t connect to the URL for your organization’s MDM terms of use. Try again, or contact your site administrator with the problem information from this page.

As you can see in the screenshot above, the Error here is invalid_client. The Description says failed to authenticate user. Due to this error, the client couldn’t join the device to AAD. If you’re facing the same issue, here’s how to fix it. As a client, there is nothing you can do on your machine to fix this problem. You’ll need to contact your system or IT administrator to deal with it. If you’re the IT admin, you can try the solutions below to fix this for your client.

Fix: Looks like we can’t connect to the URL for your organization’s MDM terms of use

Fix 1: Disable Microsoft Intune

If you have recently enabled Microsoft Intune, and clients started facing this problem right after that, you need to check the configuration. For automatic enrollment to work properly, you must have a working Azure Active Directory Premium subscription along with a Microsoft Intune subscription. If your subscription has expired or is not available, you can try these steps to disable Microsoft Intune, so that clients can join AAD without this error.

1. Go to https://portal.azure.com and sign in with your global admin account. After sign-in, click Azure Active Directory under Azure services.

2. Then in the next window, click Mobility (MDM and MAM).

3. Under Mobility (MDM and MAM), click on Microsoft Intune.

4. Now in the Microsoft Intune configuration, set MDM user scope and MAM user scope to None. Then click Save.

Once you perform the above steps, your affected clients should be able to join their devices to AAD without the error in the title.

Fix 2: Enable Microsoft Intune Enrollment

If you’ve recently enabled Microsoft Intune, and you have an active Azure Active Directory Premium subscription, this issue may occur because of incomplete configuration. Once you’ve enabled Microsoft Intune, you’ll additionally need to configure the MDM user scope for Microsoft Intune Enrollment as well. Follow these steps:

1. In Azure portal, go to Azure Active Directory > Mobility (MDM and MAM) and click Microsoft Intune Enrollment.

2. Now set the MDM user scope to All from None. Click Save.

Now if your clients attempt to join their device to AAD, they’ll no longer see the error and device enrollment should be successful.
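A scripted version of the checks behind Fix 1 and Fix 2, as an added example that is not part of the original article: it reads a response shaped like the Microsoft Graph beta `GET /policies/mobileDeviceManagementPolicies` call, where `appliesTo` is the MDM user scope, and reports which fix applies. The sample response with its IDs and URLs is constructed, the `licensed` flag is an assumption you supply for your tenant, and only the MDM user scope is covered (not the MAM user scope).

```python
import json

# Constructed sample, shaped like the Microsoft Graph beta response to
# GET /policies/mobileDeviceManagementPolicies. IDs and URLs are placeholders.
SAMPLE_MDM_RESPONSE = json.loads("""
{"value": [
  {"id": "00000000-0000-0000-0000-000000000001",
   "displayName": "Microsoft Intune",
   "appliesTo": "all",
   "termsOfUseUrl": "https://mdm.example.invalid/TermsOfUse.aspx"},
  {"id": "00000000-0000-0000-0000-000000000002",
   "displayName": "Microsoft Intune Enrollment",
   "appliesTo": "none",
   "termsOfUseUrl": "https://mdm.example.invalid/TermsOfUse.aspx"}
]}
""")

INTUNE = "Microsoft Intune"
ENROLLMENT = "Microsoft Intune Enrollment"


def audit_mdm_scopes(response, licensed):
    """Map the MDM user scopes onto the article's two fixes.

    licensed: True when the tenant has active Azure AD Premium and Intune
    subscriptions (supplied by the caller; not read from the response).
    Returns a list of (application, current_scope, recommendation) tuples.
    """
    # appliesTo is the API name for "MDM user scope": none, all or selected.
    scopes = {p.get("displayName"): p.get("appliesTo", "none")
              for p in response.get("value", [])}
    intune_on = scopes.get(INTUNE, "none") != "none"
    findings = []
    if intune_on and not licensed:
        # Fix 1: Intune is scoped to users but the subscription is missing.
        findings.append((INTUNE, scopes[INTUNE], "Fix 1: set MDM user scope to None"))
    elif intune_on and scopes.get(ENROLLMENT) == "none":
        # Fix 2: Intune is enabled and licensed, Intune Enrollment is still None.
        findings.append((ENROLLMENT, "none", "Fix 2: set MDM user scope to All"))
    return findings


if __name__ == "__main__":
    for licensed in (False, True):
        print(licensed, audit_mdm_scopes(SAMPLE_MDM_RESPONSE, licensed))
```

An empty list means neither of the two cases described in this article matches the tenant's current MDM scopes.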

That’s it!

Originally released on Apr 23, 2021. Last updated for Windows 11.

3 Comments

  • Jay K

    Literally every other article and video out there says to leave Microsoft Intune Enrollment set to None and only use Microsoft Intune. However, there isn’t good documentation on the difference. Can you please explain more about the differences and when to use one or the other?

  • Matt

    Thanks worked a treat

  • Kapil Arya

    ^^ Glad to help 😎
