FIX: Device management could not be enabled, error -2145833241, 80192EE7 or 0x80180002 (Microsoft 365)
If you're unable to enroll a device in Intune or to add a Microsoft 365 work or school account to a Windows 11 PC due to the "Device management could not be enabled" error with error code "80192EE7" or "-2145833241" continue reading below to fix the problem.
Symptom: When attempting to sign in to Microsoft 365 apps, or to enroll a device in Intune, or to add a Work or School account on a Windows 11 workstation, the following error appears: "Your account was not set up because device management could not be enabled. This device might not be able to access some resources, such as Wi-Fi, VPN, and email, with error code: 80192EE7, -2145833241 or 0x80180002.
What Causes Microsoft 365 Error Device management could not be enabled?
The error "Your account wasn't set up because device management couldn't be enabled" usually appears when signing up to a Microsoft 365 account and occurs for one of the following reasons:
- Auto-enrollment to Microsoft Intune MDM is not allowed.
- When the Windows Information Protection (WIP) is not used on the organization.
- Auto MDM Enrollment group policy is not Enabled in Local AD. (for hybrid environments)
This guide contains detailed instructions to fix the error 'Device management could not be enabled' when enrolling a device in Intune or signing in to Microsoft 365 desktop apps.
How to fix error(s) 80192EE7, -2145833241 or 0x80180002 when signing to a Microsoft 365 account or enrolling a Windows device to Intune.
Step 1. Enable Auto Enrollment and Disable WIP on Microsoft Intune.
1. Navigate to Intune Admin Center > Devices > Windows > Enrollment and open Automatic Enrollment.
2. Here make the following changes to enable the Auto MDM enrollment and click Save:
-
Set the MDM user scope to All to allow all users to enroll a device.
-
Set the Windows Information Protection (WIP) user scope to None.
3. Wait a few minutes and then try again to add the Microsoft account on the device. If it fails again, continue to step-2.
Step 2. Enable Automatic MDM Enrollment using a Group Policy in Local AD (HYBRID JOIN).
In order to be able to enroll on-premises domain devices in Intune, you must allow the automatic MDM enrolment via Group Policy. To do this:
1. Open the Group Policy Management Editor on your domain controller and navigate to:
- Computer Configuration > Administrative Templates > Windows Components > MDM
2. Open the Enable automatic MDM enrolment using default Azure AD credentials policy.*
* Note: If the "Enable automatic MDM enrolment using default Azure AD credentials" policy is not there, see the instructions on the following articles on how to add it.
- How to Automatically Enroll Active Directory devices in Intune using Group Policy.
- Enroll a Windows device automatically using Group Policy.
3. Set the policy to Enabled and below select User Credential as the credential type to use for enrollment.
4. Close Group Policy Editor and run the "gpupdate /force" command to apply the policy.
5. Try again to add your Microsoft 365 account to the device.
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Frequently Asked Questions
What causes the 'Device management could not be enabled' error when signing into Microsoft 365?
The error typically occurs due to the following reasons: auto-enrollment to Microsoft Intune MDM is not allowed, Windows Information Protection (WIP) is not utilized in the organization, or Auto MDM Enrollment group policy is not enabled in local Active Directory environments.
How can I fix the error 'Device management could not be enabled' on Windows 11 when adding a Microsoft 365 account?
You can fix this error by enabling auto-enrollment for devices via the Intune Admin Center and ensuring that WIP is set to 'None'. Additionally, in hybrid environments, enable automatic MDM enrollment using Group Policy in Local AD by setting the policy to 'Enabled' and selecting 'User Credential' as the credential type.
What should I do if I'm unable to add a Microsoft 365 account after enabling auto-enrollment in Intune?
If adding the account fails after enabling auto-enrollment, proceed to enable automatic MDM enrollment using Group Policy in Local AD. Configure the 'Enable automatic MDM enrollment using default Azure AD credentials' policy, set it to 'Enabled', and select 'User Credential'. Then run the 'gpupdate /force' command and try again.
Is there a manual method to enroll a Windows device in Microsoft Intune?
Yes, you can manually enroll a device by going to Settings > Accounts > Access work or School, then clicking 'Connect' next to 'Add a work or school account'. Enter the Microsoft 365 account credentials to complete the enrollment in Intune.
March 12, 2026 @ 1:45 pm
Thanks for sharing this guide.