Device management could not be enabled, error code -2145833241

Question

Device management could not be enabled, error code -2145833241

Ryan Burgess 20

Hello,

Our company is experiencing the issue of "device management could not be enabled, error code -2145833241" when loading a work account onto different personal computers for staff members to access the company database. This was after creating a local accounts to set the computers up.

We have gone through steps:

Window settings: start>settings>accounts>email & accounts> add work account.
Settings > Accounts > Access work or school > Enroll only in device management, then attempt the process again.

Note: I have my "work account" added to my current personal computer, but have received a new laptop - so looking to set this up on the new laptop. This same issue has been encountered when adding separate "work accounts" onto other computers as well

Yet we still keep encountering the error code -2145833241 "Device management could not be enabled"

Can you please advise on what the next steps would be? Perhaps something needs to be changed on the administration end?

Thanks,

0 comments

Answer accepted by question author

Harry Phan 21,825 Independent Advisor

Hello Ryan,

The error code -2145833241 occurs when Windows cannot enable device management during enrollment. This usually points to a tenant-side configuration or licensing issue rather than a local PC problem. When a user adds a work account, Windows attempts to register the device with Azure AD and Intune. If Intune licenses are not assigned, or if enrollment restrictions block personal devices, the process fails with this error.

You should verify in the Microsoft 365 Admin Center that affected users have valid Intune or Microsoft 365 Business Premium/E3/E5 licenses. Next, check Endpoint Manager under Devices > Enrollment restrictions to confirm personal Windows devices are allowed. Also ensure automatic MDM enrollment is enabled in Azure AD > Mobility (MDM and MAM) and that the MDM URLs are correctly configured.

On the client side, remove the work account from Access work or school, run dsregcmd /leave to clear stale registration, then retry enrollment. If the same error appears across multiple machines, the root cause is almost certainly tenant configuration or licensing.

At that point, the best step is to review Intune enrollment policies and, if necessary, open a support case with Microsoft to confirm the tenant is properly set up for Windows device management.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Harry.

Ryan Burgess 20 Reputation points

2026-01-07T18:57:54.4233333+00:00
Hi Harry,

Appreciate the response!

As far as we can tell - our organization is not registered in Azure or Intune through MS365 - unless this is setup by default, but no devices are assigned under these categories

Myself as as user does have a valid MS365 license as it is set up on my current laptop

Endpoint - We did have to do a search for "Endpoint" as it could not be located under Devices > Enrollment and clicked the "identity" tab which led us to the Microsoft Entra (not sure if thats the same area). Looks like here we have found users, devices, roles and admins, tenant ID etc.

It appears the next steps are to:

Figure out how to add a new device under my own user

Possibly setup Azure / Intune to manage devices if this cannot be done with Microsoft Entra

Figure out how to manage devices under "Entra"

The odd thing is, is that we used to be able to set up a new computer using a local account, then add a work account under the previously mentioned process with no issues. This is how we setup my current computer and the previous ones

Since 2022 with new computers, we keep encountering the error code -2145833241 everytime we attempt to set one up and we have not changed anything on the back end

If you have further comments to steps 1, 2, 3 above that'd be great - if not, appreciate your help thus far.
Jonah Segundo 0 Reputation points

2026-02-26T15:14:08+00:00

Following the AI T/S:

`1. Check Device Compatibility: - Confirmed

2. Verify MDM Enrollment Settings: The administrator should check the enrollment restrictions in the Microsoft Intune admin center. - Confirmed

3. Active Directory Permissions: - Confrimed

4. Network Connectivity: Ensure that the laptop is connected to the internet and can reach the necessary endpoints for device management. Sometimes, network issues can prevent successful enrollment. - Relayed

5. Local Account Issues: - Confirmed

6. Contact IT Support: Iogs check and confirmed user can successfully login via browser only not the portal.

Any other T/S to work on this issue?

anurag gupta 0

Log Name: ODJ Connector Service

Source: ODJ Connector Service Source

Event ID: 30132

Level: Error

Description:

{

      "Metric":{

               "Dimensions":{

                         "RequestId":"<RequestId>",

                         "DeviceId":"<DeviceId>",

                         "DomainName":"contoso.com",

                         "ErrorCode":"5",

                         "RetryCount":"1",

                          "ErrorDescription":"Failed to get the ODJ Blob. The ODJ connector does not have sufficient privileges to complete the operation",

                          "InstanceId":"<InstanceId>",

                          "DiagnosticCode":"0x00000800",

                          "DiagnosticText":"Failed to get the ODJ Blob. The ODJ connector does not have sufficient privileges to complete the operation [Exception Message: \"DiagnosticException: 0x00000800. Failed to get the ODJ Blob. The ODJ connector does not have sufficient privileges to complete the operation\"] [Exception Message: \"Failed to call NetProvisionComputerAccount machineName=<ComputerName>\"]"

               },

               "Name":"RequestOfflineDomainJoinBlob_Failure",

               "Value":0

      }

}

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

1 additional answer

Your answer

Ryan Burgess 20 Reputation points

2026-01-07T18:57:54.4233333+00:00

Hi Harry,

Appreciate the response!

As far as we can tell - our organization is not registered in Azure or Intune through MS365 - unless this is setup by default, but no devices are assigned under these categories

Myself as as user does have a valid MS365 license as it is set up on my current laptop

Endpoint - We did have to do a search for "Endpoint" as it could not be located under Devices > Enrollment and clicked the "identity" tab which led us to the Microsoft Entra (not sure if thats the same area). Looks like here we have found users, devices, roles and admins, tenant ID etc.

It appears the next steps are to:

Figure out how to add a new device under my own user

Possibly setup Azure / Intune to manage devices if this cannot be done with Microsoft Entra

Figure out how to manage devices under "Entra"

The odd thing is, is that we used to be able to set up a new computer using a local account, then add a work account under the previously mentioned process with no issues. This is how we setup my current computer and the previous ones

Since 2022 with new computers, we keep encountering the error code -2145833241 everytime we attempt to set one up and we have not changed anything on the back end

If you have further comments to steps 1, 2, 3 above that'd be great - if not, appreciate your help thus far.
Jonah Segundo 0 Reputation points

2026-02-26T15:14:08+00:00

Following the AI T/S:

`1. Check Device Compatibility: - Confirmed

2. Verify MDM Enrollment Settings: The administrator should check the enrollment restrictions in the Microsoft Intune admin center. - Confirmed

3. Active Directory Permissions: - Confrimed

4. Network Connectivity: Ensure that the laptop is connected to the internet and can reach the necessary endpoints for device management. Sometimes, network issues can prevent successful enrollment. - Relayed

5. Local Account Issues: - Confirmed

6. Contact IT Support: Iogs check and confirmed user can successfully login via browser only not the portal.

Any other T/S to work on this issue?
anurag gupta 0 Reputation points

2026-02-26T15:59:25.1966667+00:00

Log Name: ODJ Connector Service

Source: ODJ Connector Service Source

Event ID: 30132

Level: Error

Description:

{

"Metric":{ "Dimensions":{ "RequestId":"<RequestId>", "DeviceId":"<DeviceId>", "DomainName":"contoso.com", "ErrorCode":"5", "RetryCount":"1", "ErrorDescription":"Failed to get the ODJ Blob. The ODJ connector does not have sufficient privileges to complete the operation", "InstanceId":"<InstanceId>", "DiagnosticCode":"0x00000800", "DiagnosticText":"Failed to get the ODJ Blob. The ODJ connector does not have sufficient privileges to complete the operation [Exception Message: \"DiagnosticException: 0x00000800. Failed to get the ODJ Blob. The ODJ connector does not have sufficient privileges to complete the operation\"] [Exception Message: \"Failed to call NetProvisionComputerAccount machineName=<ComputerName>\"]" }, "Name":"RequestOfflineDomainJoinBlob_Failure", "Value":0 }

}
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

The error code -2145833241 typically indicates an issue with device management enrollment in a corporate environment. Here are some steps you can take to troubleshoot and resolve this issue:

Check Device Compatibility: Ensure that the version of Windows on the new laptop is supported for device management by your organization. Some older versions may not be compatible.
Verify MDM Enrollment Settings: The administrator should check the enrollment restrictions in the Microsoft Intune admin center. Make sure that the device type restrictions allow for the type of device you are trying to enroll.
- Navigate to Devices > Enrollment restrictions > select the appropriate restriction and ensure that Windows (MDM) is allowed.
Active Directory Permissions: Ensure that the user account being used to enroll the device has the necessary permissions to enroll devices in Microsoft Entra ID. The account should be part of a group that has permission to join devices.
Network Connectivity: Ensure that the laptop is connected to the internet and can reach the necessary endpoints for device management. Sometimes, network issues can prevent successful enrollment.
Local Account Issues: Since you mentioned creating local accounts, ensure that the local accounts do not interfere with the work account setup. It may be beneficial to remove local accounts if they are not needed.
Contact IT Support: If the issue persists, it may be necessary to contact your IT support team for further assistance. They can check the logs and settings on the administration side to identify any potential issues.

By following these steps, you should be able to identify and resolve the issue with device management enrollment.

References:

Share via

Device management could not be enabled, error code -2145833241

1 additional answer

Your answer