If you want to connect your Windows 11/10 machine to a work or school account using Azure Active Directory (AAD) and it doesn’t work, this article is for you. We have earlier shared this guide to connect Windows 11 to AAD. Even after following that guide, one of my clients today still failed to connect the machine using an AAD account. In this case, he received the message Looks like we can’t connect to the URL for your organization’s MDM terms of use. In this article, we’ll see how you can fix it.
As you can see in the screenshot above, the Error here is invalid_client. The Description says failed to authenticate user. Because of this error, the client couldn’t join the device to AAD. If you’re also facing the same issue, here’s how to fix it. As a client, there is nothing you can do on your machine to fix this problem; the setting that causes it lives in the tenant, so you’ll need to contact your system or IT administrator to deal with it. If you’re the IT admin, you can try the solutions below to fix this for your client.
Fix: Looks like we can’t connect to the URL for your organization’s MDM terms of use
Fix 1: Disable Microsoft Intune
If you have recently enabled Microsoft Intune and clients started facing this problem right after that, you need to check the configuration. For automatic enrollment to work properly, you must have a working Azure Active Directory Premium subscription along with a Microsoft Intune subscription. If your subscription has expired or is not available, you can use these steps to disable Microsoft Intune so that clients can join AAD without this error. Note that with both scopes set to None, devices will join AAD but will not be enrolled into MDM, so they remain unmanaged until Intune is configured again.
1. Go to https://portal.azure.com and sign in with your global admin account. After sign-in, click Azure Active Directory under Azure services.
2. Then in the next window, click Mobility (MDM and MAM).
3. Under Mobility (MDM and MAM), click on Microsoft Intune.
4. Now, in the Microsoft Intune configuration, set MDM user scope and MAM user scope to None. Then click Save.
Once you perform the above steps, your affected clients should be able to join their devices to AAD without the error mentioned in the title.
Fix 2: Enable Microsoft Intune Enrollment
If you’ve recently enabled Microsoft Intune and you have an active Azure Active Directory Premium subscription, this issue may occur because of an incomplete configuration. Once you’ve enabled Microsoft Intune, you additionally need to configure the MDM user scope for Microsoft Intune Enrollment as well. Follow these steps:
1. In Azure portal, go to Azure Active Directory > Mobility (MDM and MAM) and click Microsoft Intune Enrollment.
2. Now set the MDM user scope from None to All. Click Save.
Now when your clients attempt to join their device to AAD, they’ll no longer see the error and device enrollment should be successful.
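Before applying either fix, an admin will usually want to see how the two Mobility (MDM and MAM) entries are currently scoped rather than clicking through each blade. The script below is an added example, not part of the original article or of any Microsoft tool; it assumes the Microsoft.Graph.Authentication module is installed, that the signed-in admin can consent to Policy.Read.All, and that the beta Graph resource `policies/mobileDeviceManagementPolicies` returns the same "Microsoft Intune" and "Microsoft Intune Enrollment" entries the portal shows, with an `appliesTo` value of none, all or selected.

```powershell
# Added example (not the article's own code): audit the MDM user scope of the
# Mobility (MDM and MAM) policies that Fix 1 and Fix 2 change, and flag the
# half-configured state from Fix 2 (Intune enabled, Intune Enrollment still None).
# Assumptions: Microsoft.Graph.Authentication is installed; Policy.Read.All can be
# consented; field names (displayName, appliesTo, termsOfUseUrl, isValid) follow
# the beta mobilityManagementPolicy resource.
Import-Module Microsoft.Graph.Authentication

Connect-MgGraph -Scopes 'Policy.Read.All'

$uri      = 'https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies'
$policies = (Invoke-MgGraphRequest -Method GET -Uri $uri).value

# Show the current scope of every policy so the admin knows what the tenant has.
$policies | ForEach-Object {
    [pscustomobject]@{
        Policy        = $_.displayName      # "Microsoft Intune", "Microsoft Intune Enrollment", ...
        MdmUserScope  = $_.appliesTo        # none / all / selected
        TermsOfUseUrl = $_.termsOfUseUrl    # the URL the error message refers to
        IsValid       = $_.isValid
    }
} | Format-Table -AutoSize

$intune     = $policies | Where-Object { $_.displayName -eq 'Microsoft Intune' }
$enrollment = $policies | Where-Object { $_.displayName -eq 'Microsoft Intune Enrollment' }

if ($intune -and $intune.appliesTo -ne 'none' -and
    (-not $enrollment -or $enrollment.appliesTo -eq 'none')) {
    Write-Warning ('Microsoft Intune is scoped to "{0}" but Microsoft Intune Enrollment is None: ' +
                   'this matches the incomplete configuration described in Fix 2.') -f $intune.appliesTo
}
elseif ($intune -and $intune.appliesTo -eq 'none') {
    Write-Host 'Microsoft Intune MDM user scope is None: devices join AAD without MDM enrollment (Fix 1 state).'
}
else {
    Write-Host 'Intune and Intune Enrollment scopes are consistent.'
}

Disconnect-MgGraph | Out-Null
```

Run it as the global admin before and after changing the scopes to confirm the portal setting actually took effect.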
That’s it!
Related: Fix: Your account was not set up on this device because device management could not be enabled.
Originally released on Apr 23, 2021. Last updated for Windows 11.
3 Comments
Literally every other article and video out there says to leave Microsoft Intune Enrollment set to None and only use Microsoft Intune. However, there isn’t good documentation on the difference. Can you please explain more about the differences and when to use one or the other?
Thanks, worked a treat.
^^ Glad to help 😎