Invalid Client Whenever Joining a Laptop to EntraID

Question

Invalid Client Whenever Joining a Laptop to EntraID

Riley Farmer 5

Hey Everyone,

I was seeing if anyone ran into this issue as MS support seemed to not know what was happening when I asked them. I work for a MSP and we are joining a laptop the same way we have since we have been using AzureAD, now EntraID, and whenever we go to join this new laptop it just gives us a "Invalid_Client" error. We have re-wiped the laptop, tried to join from set up, tried different accounts, tried to join with other accounts that are known working, used the same accounts on other computers to verify they work, but this laptop just keeps throwing a Invalid_Client error and we can't get it to join at all. Any idea on any resolutions for this?

Goutam Pratti 4,170 Reputation points Microsoft External Staff

2025-04-01T14:14:56.9133333+00:00
Hello @Riley Farmer ,I Understand you are getting Invalid Client error whenever you joining the laptop to EntraID.

Before you can join the laptop device to an Microsoft Entra ID, make sure that users are permitted to perform a domain-join operation. That’s easy to check in the Microsoft Entra ID.

Login to portal.azure.com with the global admin rights

Go to > Microsoft Entra ID > Devices > Manage > Device settings

Make sure you have select "ALL" for the Users may join devices to Microsoft Entra
If the option is set to none or selected make the changes to all and try again to join.

Regarding the "Invalid Client Error" you're encountering on the laptop, are you seeing the same error as shown in the screenshot below? If not, could you please provide a screenshot of the error you're experiencing to help us troubleshoot the issue more effectively?

Let us know if you have any additional queries. Happy to assist you further.
Riley Farmer 5 Reputation points

2025-04-01T14:17:17.49+00:00

@Goutam Pratti They are set with that option correctly. I will get a screenshot
Goutam Pratti 4,170 Reputation points Microsoft External Staff

2025-04-02T09:53:46.75+00:00

Hello @Riley Farmer ,

Following upto see to provide the screen shot of error you are facing with for better trouble shooting the issue.
Goutam Pratti 4,170 Reputation points Microsoft External Staff

2025-04-03T13:27:15.3433333+00:00

Hello @Riley Farmer ,

Following upto see to provide the screen shot of error you are facing with for better trouble shooting the issue.

1 answer

Your answer

Goutam Pratti 4,170 Reputation points Microsoft External Staff

2025-04-01T14:14:56.9133333+00:00

Hello @Riley Farmer ,I Understand you are getting Invalid Client error whenever you joining the laptop to EntraID.

Before you can join the laptop device to an Microsoft Entra ID, make sure that users are permitted to perform a domain-join operation. That’s easy to check in the Microsoft Entra ID.

Login to portal.azure.com with the global admin rights

Go to > Microsoft Entra ID > Devices > Manage > Device settings

Make sure you have select "ALL" for the Users may join devices to Microsoft Entra
If the option is set to none or selected make the changes to all and try again to join.

Regarding the "Invalid Client Error" you're encountering on the laptop, are you seeing the same error as shown in the screenshot below? If not, could you please provide a screenshot of the error you're experiencing to help us troubleshoot the issue more effectively?

Let us know if you have any additional queries. Happy to assist you further.
Riley Farmer 5 Reputation points

2025-04-01T14:17:17.49+00:00

@Goutam Pratti They are set with that option correctly. I will get a screenshot
Goutam Pratti 4,170 Reputation points Microsoft External Staff

2025-04-02T09:53:46.75+00:00

Hello @Riley Farmer ,

Following upto see to provide the screen shot of error you are facing with for better trouble shooting the issue.
Goutam Pratti 4,170 Reputation points Microsoft External Staff

2025-04-03T13:27:15.3433333+00:00

Hello @Riley Farmer ,

Following upto see to provide the screen shot of error you are facing with for better trouble shooting the issue.

Answer 1

Hello @Riley Farmer ,If you are getting error which I mentioned in below screen shot:
How to Solve Invalid_Client Error When Joining Windows 10 to Azure AD

There can be the two possibilities that you are facing this error:

The user who tries to enroll the device doesn't have a valid Intune license or an Office 365 license. In this situation may cause the above error.
The MDM terms and conditions in Microsoft Entra ID is blank or doesn't contain the correct URL.

To fix the issue you can follow the one of the methods:

Assign either an Intune or a Microsoft 365 license to the user.
Correct the MDM terms of use URL:
Sign in to the Azure portal, and then select Microsoft Entra ID.
Select Mobility (MDM and MAM), and then click Microsoft Intune.
Select Restore default MDM URLs, verify that the MDM terms of use URL is set to https://portal.manage.microsoft.com/TermsofUse.aspx.
Choose Save.

This error can also occur when you try to join or register a device in Entra ID, causing the device to be automatically enrolled in the MDM scope. To resolve this, you can disable the scope by assigning the proper license I mentioned above. Additionally, you can set the user scope to "None" and try again to remove the error.
User's image

User's image

For additional Information follow: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-enrollment/troubleshoot-windows-enrollment-errors#looks-like-the-mdm-terms-of-use-endpoint-is-not-correctly-configured

Hope this Helps. Let us Know if you have any additional queries. Happy to assist you further.

Share via

Invalid Client Whenever Joining a Laptop to EntraID

1 answer

Your answer