I was setting up a new demo tenant for testing this week and I encountered something I hadn't seen before. I had configured an Autopilot solution using deployment profiles but experienced this problem during testing.
I could see that my test device had been assigned a profile.
This was validated when I saw the Company Branding on the test device.
However I received the error:
"Something went wrong. This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code 80180003".
I'd seen this issue before. There are several reasons you can get this error. Microsoft have a pretty decent article describing it.
This is an extract from that document:
These errors can result from any of the following conditions:
- The user has already enrolled the maximum number of devices allowed in Intune.
- The device is blocked by the device type restrictions.
- The computer is running Windows 10 Home. However, enrolling in Intune or joining Microsoft Entra ID is only supported on Windows 10 Pro and higher editions.
- The Microsoft Entra setting Users may join devices to Microsoft Entra ID is set to None, which prevents new users from joining their devices to Microsoft Entra ID. Therefore Intune enrollment fails.
I checked all these conditions and couldn't find the problem.
The user had not enrolled any device previously so that wasn't it.
Windows MDM enrollments are allowed. I don't need Personally owned Windows devices as I'm not using Autopilot Device Preparation.
All users are allowed to join devices to Entra ID.
The troubleshooting article doesn't mention licensing but I checked that too and all was good.
Then I found it. The MDM Authority was set to Unknown. I hadn't been asked to select it when setting up the tenant. I'd never seen this before.
Luckily there are a few ways to fix this. You can use this link to get directly to where you can select Intune as the MDM Authority
Alternatively you can use a Guided Scenario to force the page to show.
The Choose MDM Authority page appears. Select Intune MDM Authority and click Choose.
The MDM Authority has been set to Intune.
I could see that reflected in the console. That's more like it.
That solved the problem and I could continue with my testing.
I hope this helps. Until next time......
