When trying to join a Windows 10 or Windows 11 device to the Azure AD tenant using Settings > Access Work or School > Connect > Join this Device to Azure AD , you may get invalid_client error.
Something went wrong.
Looks like we can’t connect to the URL for your organization’s MDM terms of use. Try again, or contact your system administrator with the problem information from this page.
Error: Invalid_Client
Description: Failed to authenticate user
Cause & Solution
The invalid client error may occur due to various reasons. Please check the following things if you encounter a similar issue.
1. Validate automatic MDM enrollment settings
If a user is configured to automatically enroll into Microsoft Intune when the device is joined to Microsoft Entra ID ( Formerly Azure Active Directory (AAD)) then Intune enrollment becomes mandatory during Azure AD Join. The device will not be joined to Azure AD if MDM enrollment fails.
Please check if MDM scopes are configured by the below steps.
Go to Microsoft Intune admin center > Devices > Windows > Automatic Enrollment to check the settings.
MDM user scope should be configured to Some or All. If the configuration is set to Some, then check if a user is a member of the Entra ID group scope is configured for.
2. Check if the Microsoft Intune license was assigned to the user
The user must have Microsoft Intune and Active Directory Premium P2 license assigned. You can validate this from the Microsoft Endpoint Manager admin center / Users / <User Name>/ License.
You may have to wait for 10-15 minutes if getting the same error even after the license assignment.
Related Posts
- SCCM Dynamic Collection for Windows 10 / 11 Devices
- SCCM SQL Query for Windows 10 / 11 Version Summary
- Configure Windows 10 / 11 Device as Kiosk | Microsoft Intune
- Windows 10 / 11 Operating System Build Versions
- Windows 11 enrollment failed with error 0x800700b7
- Enroll Windows 11 Device to Intune through Azure AD Join method | Corporate Devices
- Invalid_Client error when joining Windows 10 device to Azure AD tenant
- Join Windows 10 Device to Azure Active Directory
- How to Obtain Hardware Hash for Manually Registering Devices with Windows Autopilot
- Bulk enrollment of Windows 10/ 11 Devices to Intune
- Microsoft Intune – Windows 10 MDM- Basic troubleshooting
- That account info didn’t work – error when disconnecting Windows 10 / 11 Work or School account
- MDM Enroll: Device Credential, Failed (Unknown Win32 Error code : 0xcaa9001f
Subscribe to Techuisitive Newsletter
Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.