This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 25%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ3%3C/text%3E%3C/svg%3E)
Hello Team,
I am unable to enroll Entra hybrid joined Windows devices into Intune. When I try to enroll the devices using a work or school account, I receive the following error message:
"Something went wrong. Here are some possible reasons:
Note: All our hybrid joined devices are domain-joined, and the Group Policy for automatic MDM enrollment is enabled. When we remove the domain join and try to enroll the device using a work or school account, the device enrolls in Intune as a personal device, not a company-owned device..
Thank you in advance for your help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@J-3804, Thanks for posting in Q&A.
For the error Your device is already connected to your organization, here are some steps you can try to fix the issue.
This error typically indicates that the device is already registered or has remnants of a previous enrollment. To resolve this:
On the device, navigate to Settings > Accounts > Access work or school. If an account is listed, select it and click Disconnect.
Run the command dsregcmd /status in Command Prompt to check the hybrid join status. Ensure both AzureAdJoined and DomainJoined are set to YES. If above are correct, but issue still exist, please consider running command dsregcmd /leave
After executing the above command, restart the device and attempt the enrollment process again, also ensure the MDM user scope is set to All and the MAM user scope is set to None in Intune portal and Group Policy set to Device Credential.
For the error You don't have enough privileges to perform this operation. Please talk to your admin, this issue occurs if the account that you use to log on to Windows isn't a member of the local Administrators group.
Here is a link with solution you can refer to.
To enroll a device as corporate owned device via work or school account, please ensure you click Join this device to Microsoft Entra ID
Hope above information can help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.