When enrolling Windows 10 devices into Azure AD, admins may encounter the Invalid_client error. This typically indicates a misconfiguration in the device registration or authentication flow. In this guide, we’ll explain why it happens and how to fix it step by step.
What is Invalid_Client Error:
You may encounter the following Invalid_Client error when attempting to join a Windows 10 device to your Azure AD (Microsoft Entra ID) tenant. The following errors are displayed.
Something went wrong.
Looks like we can’t connect to the URL for your organization’s MDM terms of use. Try again, or contact your system administrator with the problem information from this page.
Error: Invalid_Client
Description: Failed to authenticate user
Invalid_Client Error – Root Cause and Resolution
The Invalid_Client error can occur for several reasons during a Windows 10 Azure AD (Microsoft Entra ID) join. If you encounter this issue, review the following checks to quickly identify and resolve the problem.
1. Validate automatic MDM enrollment settings
When a user is configured for automatic enrollment into Microsoft Intune during a Microsoft Entra ID (formerly Azure Active Directory) join, Intune enrollment becomes a mandatory step in the Azure AD Join process. If MDM enrollment fails, the device will not successfully join Azure AD.
To resolve this, verify that MDM enrollment scopes are correctly configured by following the steps outlined below.
Go to Microsoft Intune admin center > Devices > Windows > Automatic Enrollment to check the settings.
The MDM user scope must be configured to either Some or All. If it is set to Some, verify that the user is a member of the Entra ID group specified in the scope configuration.
2. Ensure Microsoft Intune License Is Assigned to the User
The user must be assigned both a Microsoft Intune license and an Azure Active Directory Premium P2 license. You can verify this by navigating to Microsoft Intune > Users > [User Name] > Licenses.
If the same error persists after assigning the license, allow 10–15 minutes for the changes to propagate before retrying.
Related Posts
- SCCM Dynamic Collection for Windows 10 / 11 Devices
- SCCM SQL Query for Windows 10 / 11 Version Summary
- Configure Windows 10 / 11 Device as Kiosk | Microsoft Intune
- Windows 10 / 11 Operating System Build Versions
- Windows 11 enrollment failed with error 0x800700b7
- Enroll Windows 11 Device to Intune through Azure AD Join method | Corporate Devices
- Invalid_Client error when joining Windows 10 device to Azure AD tenant
- Join Windows 10 Device to Azure Active Directory
- How to Obtain Hardware Hash for Manually Registering Devices with Windows Autopilot
- Bulk enrollment of Windows 10/ 11 Devices to Intune
- Microsoft Intune – Windows 10 MDM- Basic troubleshooting
- That account info didn’t work – error when disconnecting Windows 10 / 11 Work or School account
- MDM Enroll: Device Credential, Failed (Unknown Win32 Error code : 0xcaa9001f
Subscribe to Techuisitive Newsletter
Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.