I’ve been messing about with Azure AD join in Windows 10 recently, and made what was ultimately a stupid mistake, but the error message and behaviour didn’t make realising my mistake terribly easy.
In my scenario, I had configured Azure AD for domain join, configured which users were allowed to join, and set up auto-enrollment for Intune. I jumped on to a new machine, and it worked sweet. Wicked I thought.
Then I got someone else to try.. and it didn’t work.
They got through the authentication step, multi-factor auth, and confirmed the org details presented back were correct. Then it failed with a super unhelpful “something has gone wrong” message, with an error code of 80180008.
I asked the internet. The internet didn’t know.
So I applied brain.. and realised I’m an idiot.
The back-of-a-napkin steps that occur during the join process are as follows:
1. Authenticate against Azure AD (or proxy auth via ADFS if that’s your bag).
2. Azure confirms if you’re allowed to domain join and processes the join.
3. Azure hands off to Intune to manage the device enrollment.
What was happening in my case was steps 1 and 2 were working fine, but when it came time to enroll in Intune, it was checking the license assignment for the user and lo and behold, the user didn’t have one, so it rejected the enrollment.
Duh! Like I said, idiot.
It would be super awesome if perhaps Microsoft could improve the feedback to the user with a useful ‘you are not licensed for device enrollment’ type message, but I guess you can’t have everything.
So if like me you forget to sort your user licensing, expect to hit error 80180008. Luckily you just need to assign the user an Intune license (either directly or via EMS) and you’re sorted.
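A pre-flight check for this gap, as an added example that is not part of the original post: it lists users who are allowed to join but have no enabled Intune service plan, so they would pass the join and then be rejected at the Intune hand-off. It assumes the Microsoft Graph PowerShell module, that the allowed users are direct members of a single group (`$JoinGroupId` is a placeholder for that group's object ID), and that Intune appears in the license details as the `INTUNE_A` service plan.

```powershell
# Added example, not from the original post.
# Assumptions: Microsoft.Graph module installed; join-allowed users are direct
# members of one group; $JoinGroupId is a placeholder for that group's object ID.
param(
    [Parameter(Mandatory)] [string] $JoinGroupId
)

Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.Read.All' | Out-Null

# Service plan name that carries Intune inside standalone Intune and EMS SKUs.
$intunePlan = 'INTUNE_A'

$report = foreach ($member in Get-MgGroupMember -GroupId $JoinGroupId -All) {
    # Members can also be devices or nested groups; only user objects enroll.
    # Nested groups are not expanded here.
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

    # Collect every service plan across all SKUs assigned to this user and keep
    # only an enabled Intune plan. Treating a disabled plan as "no license" is
    # an assumption of this example.
    $plans = Get-MgUserLicenseDetail -UserId $member.Id |
        ForEach-Object { $_.ServicePlans } |
        Where-Object { $_.ServicePlanName -eq $intunePlan -and $_.ProvisioningStatus -eq 'Success' }

    [pscustomobject]@{
        UserPrincipalName = $member.AdditionalProperties['userPrincipalName']
        HasIntunePlan     = [bool]$plans
    }
}

# Users listed here get through authentication and the join, then fail enrollment.
$report | Where-Object { -not $_.HasIntunePlan } | Sort-Object UserPrincipalName
```

An empty result means every user in the group has an enabled Intune plan.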