Issue with trying to add a Device to a Domain

Question

HI,

i am having issues when my users try to add company-owned devices to our AAD it gives them a "Invalid_client" error description is "failed%20to%20toauthenticate%20user" can anyone possibly help users are allowed to join on the device's side of AAD

Answer 1

@Aj Dews Thanks for reaching out. Azure AD join would need a Azure AD premium license, make sure your users have that assigned. Also confirm if the error is coming while Azure AD join or Intune Auto Enrollment, there are might be chances where your organization is enabled for Intune enrollment and the device is trying to auto join to Intune and failing due to no Intune license.

You will find more details about the issue when you check the AAD event logs on the devices. For Azure AD join. Check AAD and User Device Registration logs at event viewer.
Applications And Services -- Microsoft -- Windows -- AAD
Applications And Services -- Microsoft -- Windows -- User Device Registration.

Do let us know your end goal, so that we can help you accordingly, many a times you might not need Intune but would have Intune autoenrollment enabled, which might result in a similar error if Intune license is not assigned. In that case, you will need to turn off the autoenrollment.
https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment

-----------------------------------------------------------------------------------------------------------------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.