Can’t connect device to Azure AD [Ultimate troubleshooting guide]

Microsoft allows you to connect your devices to a network using Azure AD. If you use several devices, such as laptops, computers, and mobile phones, you can “enroll” them in the program. However, some users have reported an inability to enroll devices. So in this blog, I will provide a few solutions if you can’t connect a device to Azure AD.

  • The first method to connect a device to Azure AD is to make sure you have assigned a Microsoft Intune license:
    • Go to your Admin center and open “Endpoint Manager.”
    • Then head to “Users” and select a user from the list.
    • Next, go to “Licenses” and “Assignments” and ensure that “Microsoft Intune” is selected.
    • Finally, click “Save.”
    • You must assign the user a Microsoft Intune license and an Active Directory Premium P2 license.
  • The second method to connect a device to Azure AD is to check DNS settings for a current domain you have enrolled on your Office 365 admin account:
    • Go to your Admin center and click on “Settings” then “Domains.”
    • Next, head to “DNS records” and “Add record.”
    • Enter a custom DNS record as shown here.
    • Then click “Save” to finish.
  • The third method to connect a device to Azure AD is to change the user’s primary email address:
    • Open your Admin center and click on “Users” and “Active users.”
    • Select a user from the list and click on “Account.”
    • Then click on “Manage username and email.”
  • The fourth method to connect a device to Azure AD is to remove conflicting antivirus software that could prevent your program from enrolling a device onto Azure AD:
    • Type “control panel” into your Windows search bar and open your Control Panel.
    • Click on “Uninstall a program” under “Programs.”
    • Find any antivirus programs that you don’t need and uninstall them.
    • You can try Microsoft Defender instead.

I have tested each solution to ensure they work and have given you the results required to fix the issue. I suggest you go through each suggestion to learn how to resolve the problem of not being able to enroll devices onto Microsoft Azure AD.

How to check and see if you have assigned a Microsoft Intune license to a user

If you cannot enroll devices, you may assume that there is a serious underlying problem. However, a simple fix is to check that you have enrolled the user in Microsoft Intune. Devices assigned to users by your network must have an active Microsoft premium account with an Intune license.

  • Now click on the option for “Admin” in the launcher. 
  • Select the option called “Endpoint Manager.” 
  • Click on the option for “Users.” 
  • Select a user that you cannot enroll a device on. 
  • Now click on “Licenses.” 
  • After that, click on “Assignments.” 
  • Ensure that the option for “Microsoft Intune” is selected. 
  • Click on “Save” to complete the process. 

Upon completion, you will have managed to successfully assign an active license to a user who needs to have an enrolled device. If you notice that the changes are not applying instantly, you may need to wait up to 15 minutes for the new settings to be added. So don’t worry if you find that you are not able to enroll devices immediately after completing the steps.
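The same license check can be run from PowerShell, which helps when several users are affected. This is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK is installed, uses the placeholder account `user@contoso.example`, and assumes the Intune and Azure AD Premium P2 service plans carry the names `INTUNE_A` and `AAD_PREMIUM_P2`.

```powershell
# Added example: confirm a user holds the service plans needed for enrollment.
# Assumptions: Microsoft Graph PowerShell SDK installed; placeholder UPN below.

function Test-EnrollmentLicense {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        # Assumed service plan names for Intune and Azure AD Premium P2
        [string[]] $RequiredPlans = @('INTUNE_A', 'AAD_PREMIUM_P2')
    )

    # Collect every service plan from every SKU assigned to the user
    $plans = Get-MgUserLicenseDetail -UserId $UserPrincipalName |
        ForEach-Object { $_.ServicePlans }

    foreach ($name in $RequiredPlans) {
        $match = $plans | Where-Object { $_.ServicePlanName -eq $name }
        [pscustomobject]@{
            User        = $UserPrincipalName
            ServicePlan = $name
            Assigned    = [bool]$match
            # 'Success' = plan enabled; 'Disabled' = SKU assigned but this
            # plan was switched off in the license options.
            Status      = if ($match) {
                ($match.ProvisioningStatus | Select-Object -Unique) -join ','
            } else {
                'NotAssigned'
            }
        }
    }
}

# A read-only scope is enough for this check
Connect-MgGraph -Scopes 'User.Read.All' | Out-Null
Test-EnrollmentLicense -UserPrincipalName 'user@contoso.example' |
    Format-Table -AutoSize
```

A row with `Assigned` true but `Status` other than `Success` points to a plan that is part of the user's SKU but not enabled.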

How to check the DNS settings for current domains enrolled on Office 365

Another potential solution is to check the DNS settings of the domains currently enrolled in your Office 365 account. This solution addresses the possibility that the DNS settings for your account are incorrect. Correcting them here will ensure that you can use Endpoint Manager to enroll devices using the domain you added.

  • Now click on the option for “Admin” in the launcher. 
  • Click on the dropdown for “Settings” and then click on “Domains.” 
  • Now click on the default domain you are using. 
  • Click on the option for “DNS records.” 
  • After that, click on “Add record.” 
  • Input the custom DNS record information. 

A domain administrator can insert text into the Domain Name System (DNS) by using the DNS “text” (TXT) record. Initially, the TXT record provided a location for notes that humans could read. However, you can also add certain machine-readable information to TXT entries. A single domain can have many TXT records.

A DNS record’s Time To Live, or TTL for short, is a kind of expiration date. The TTL tells the local resolver or recursive server how long to hold the record in its cache. The greater the TTL, the longer the resolver keeps the information in its cache; the shorter the TTL, the sooner the cached copy is discarded.

  • Click on “Save” to complete the process.

Once you have completed the steps, you will have managed to change the DNS settings to ensure that you can enroll devices in Azure. Sometimes there may be an issue of users not being able to properly enroll devices onto Azure because they cannot get the DNS settings correct.
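To see the TXT and TTL behaviour described above after saving a record, compare what your usual resolver returns with what the zone's own name server returns. This is an added example, not part of the original article; `contoso.example` is a placeholder and the function assumes the name you pass is the zone apex, so that an NS lookup returns its name servers.

```powershell
# Added example: show TXT records and their TTLs from two vantage points.
# Assumption: $Domain is the zone apex; 'contoso.example' is a placeholder.

function Get-TxtRecordView {
    param([Parameter(Mandatory)] [string] $Domain)

    # First authoritative name server for the zone
    $ns = Resolve-DnsName -Name $Domain -Type NS -DnsOnly |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -First 1 -ExpandProperty NameHost

    $sources = [ordered]@{
        'default resolver'    = $null   # may answer from cache
        "authoritative ($ns)" = $ns     # returns the configured TTL
    }

    foreach ($label in $sources.Keys) {
        $query = @{
            Name        = $Domain
            Type        = 'TXT'
            DnsOnly     = $true
            ErrorAction = 'SilentlyContinue'
        }
        if ($sources[$label]) { $query.Server = $sources[$label] }

        Resolve-DnsName @query |
            Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object {
                [pscustomobject]@{
                    Source = $label
                    TTL    = $_.TTL
                    Text   = ($_.Strings -join '')
                }
            }
    }
}

Get-TxtRecordView -Domain 'contoso.example' | Format-Table -AutoSize
```

A record that appears only in the authoritative rows has been saved but is not yet visible through your resolver; a cached answer shows a TTL lower than the authoritative one because it counts down until the entry expires.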

How to change the user’s primary email address to accompany a new device being enrolled

The next solution you can try is to change the user’s primary email address to accompany a new device enrollment. Sometimes an enrollment could conflict with the user’s email address on their network. Changing the email address could potentially resolve this issue and allow you to enroll devices onto Microsoft Azure.

  • In your Office 365 Admin dashboard, click on “Users.”
  • Now click on “Active users” from the dropdown.
  • Choose the user that can’t get device enrollment.
  • Now select “Account.”
  • Under username, click on “Manage username and email.”
  • Click on the “Edit” icon.
  • Change the user name and click on “Done.”
  • Click on “Save Changes” to complete the process.

Once you have completed the steps, the user should be able to enroll a device on Azure AD. However, if the problem persists, you can use our fourth solution to remove conflicting antivirus software.

Remove conflicting antivirus software that could prevent your device from being enrolled – error 80072ee2

Several different antivirus applications are available for users to download. If your computer currently has an antivirus program installed and you wish to install a new antivirus, you must first remove the existing antivirus application. If you have more than one antivirus program installed on your device, you may not be able to enroll in a program such as Azure AD. The procedures for uninstalling an antivirus application are shown below.

Some users get an error called 80072ee2, which could mean your antivirus software has prevented you from enrolling a device. You will need to remove the conflicting software to have your device successfully enrolled on Azure AD.

Important: Do not remove antivirus software unless you have new software to replace it with.

  • Firstly, open the “Control panel.”
  • Where it says “Programs,” click on “Uninstall a program.”
  • Right-click on the conflicting program.
  • Click on “Uninstall.”
  • Click on “Yes” to confirm and complete the process.

Sometimes an antivirus program with safety attributes can potentially hinder your ability to enroll the device onto a program such as Microsoft Azure. You will need to use these steps to ensure that you can successfully remove any conflicting antivirus programs and that you can enroll your device in Microsoft Azure.

You can also try Windows Defender as your primary antivirus software.
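Before uninstalling anything, it is worth recording which antivirus products Windows has registered and whether the enrollment services are reachable at all, since 0x80072EE2 is the WinINet timeout code (ERROR_INTERNET_TIMEOUT). This is an added example, not part of the original article; the three host names are assumed Microsoft sign-in, device registration and Intune enrollment endpoints and do not come from the page.

```powershell
# Added example: gather evidence before removing security software.
# Assumed endpoints (not from the article):
$endpoints = 'login.microsoftonline.com',
             'enterpriseregistration.windows.net',
             'enrollment.manage.microsoft.com'

function Get-RegisteredAntivirus {
    # Windows Security Center inventory. The namespace exists on client
    # editions of Windows only, so errors are suppressed elsewhere.
    Get-CimInstance -Namespace 'root/SecurityCenter2' `
                    -ClassName AntiVirusProduct `
                    -ErrorAction SilentlyContinue |
        Select-Object displayName, pathToSignedProductExe, productState
}

function Test-EnrollmentEndpoint {
    param([string[]] $HostName, [int] $Port = 443)
    foreach ($h in $HostName) {
        $r = Test-NetConnection -ComputerName $h -Port $Port `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            Host     = $h
            Resolved = [bool]$r.RemoteAddress
            TcpOpen  = $r.TcpTestSucceeded
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize

# Microsoft Defender is normally listed next to a third-party product,
# so only count the products that are not Defender.
$thirdParty = @($av | Where-Object displayName -notmatch 'Defender')
if ($thirdParty.Count -gt 1) {
    Write-Warning "$($thirdParty.Count) third-party antivirus products are registered."
}

Test-EnrollmentEndpoint -HostName $endpoints | Format-Table -AutoSize
```

An open TCP port does not rule out a product that intercepts TLS, so treat a pass here as necessary rather than sufficient.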

Conclusion

Thank you for reading our content on how you can resolve the issue of not being able to enroll devices onto Azure AD. I provided a list of solutions you can use to help resolve the issue of not being able to enroll devices onto a program such as Azure. Each solution has been tested to ensure it works correctly; I suggest you go through each to better understand how to fix the issue. If you require further assistance with the steps, drop a comment below and we will address it.

Saajid Gangat

Saajid Gangat has been a researcher and content writer at Business Tech Planet since 2021. Saajid is a tech-savvy writer with expertise in web and graphic design and has extensive knowledge of Microsoft 365, Adobe, Shopify, WordPress, Wix, Squarespace, and more! You can connect with Saajid on LinkedIn.
