Share via

our organization has disabled this device. To fix this, contact your system administrator and provide the error code 135011. More information: https://www.microsoft.com/wamerrors

Jim Washington 0 Reputation points
2026-04-13T21:30:17.3133333+00:00

our organization has disabled this device.

To fix this, contact your system administrator and provide the error code 135011.

More information: https://www.microsoft.com/wamerrors

Windows for home | Windows 11 | Accounts, profiles, and login

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-04-13T21:30:29.4733333+00:00

    Error code 135011 with the message “Your organization has disabled this device” means the device object in Microsoft Entra ID (Azure AD) is disabled or deleted, so sign-in and activation are blocked. Resolution requires checking and fixing the device status, then rejoining/recovering it.

    For a home Windows 11 device that was ever joined to work or school, the following admin-focused steps are typically required:

    1. Have an admin enable or recover the device in Microsoft Entra ID
      1. Sign in to the Azure portal with an admin account.
      2. Go to Microsoft Entra ID > Devices.
      3. Search for the device (by device name or user) and check if it is Disabled or deleted.
      4. If it is disabled, select the device and choose Enable.
      5. If it was deleted, it must be re-registered (see step 2).
    2. If the device was deleted, re-register it to the tenant On the affected Windows 11 device:
      1. Open Settings > Accounts > Access work or school.
      2. Select the work/school account and choose Disconnect.
      3. Then select Connect and sign in again with the work or school account to register the device.
    3. If sign-in still fails, reset the Microsoft 365/Entra device state Use the device recovery approach described for disabled or unauthenticated devices:
      1. Open Event Viewer and confirm the AADSTS135011 / device disabled messages under Applications and Services Logs > Microsoft > Windows > AAD > Operational.
      2. Run dsregcmd /status in an elevated Command Prompt to see how the device is joined (AzureAdJoined / WorkplaceJoined / hybrid).
      3. For a Microsoft Entra hybrid-joined device:
        • Run dsregcmd /leave in an elevated Command Prompt.
        • Restart the device.
        • Allow it to rejoin and then try signing in again.
    4. Force Microsoft Entra sign-in recovery if needed On the affected device, in an elevated Command Prompt:
      1. Run dsregcmd /forcerecovery.
      2. When prompted, select Sign in and complete the sign-in.
      3. Sign out of Windows and sign back in, then test the affected app or sign-in again.
    5. If the device is Azure AD–joined and not rejoining automatically
      1. In an elevated Command Prompt, run dsregcmd /status and confirm AzureAdJoined.
      2. If AzureAdJoined is YES but the error persists, an admin should consider removing any duplicate or stale device entries in Entra ID, then:
        • Delete local BrokerPlugin token data as described in the “Check for a duplicate device” section.
        • Restart the device and sign in again.

    If the device is no longer supposed to be managed by any organization (pure home use), remove any work or school account under Settings > Accounts > Access work or school, and ensure the device is not joined to Microsoft Entra ID or a work domain. If the error continues and the device is still associated with a tenant, an admin of that tenant must correct or remove the device object.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.