This is how to fix the following error when attempting to join a device to Azure AD, for instance by signing in during the Windows OOBE (out of box experience) using a Microsoft work or school account:
Something went wrong.
Looks like we can’t connect to the URL for your organization’s MDM terms of use. Try again, or contact your system administrator with the problem information from this page.
Cause
This issue occurs because the user does not have an Intune license, yet joining Azure AD also tries to enroll the machine in Intune MDM at the same time. The fix is therefore to stop it from trying to enroll the user. However, if your admin account does not have a license, you won’t be able to do this. In that case, you can fix the issue by getting a trial of any license containing Azure AD Premium P1 and then configuring the MDM enrollment settings in Azure AD.
Fix
The fix is to configure the MDM User Scope in Azure AD, depending on whether you want devices to automatically enroll in Intune or not.
- Log on to https://portal.azure.com with a Global Admin account
- Search for MDM, and open Mobility (MDM and MAM) (or find this under Azure Active Directory).
- Select Microsoft Intune (or similar)
If your admin account does not have a license you may see the following error (if not, you don’t need to get a temporary license).
Obtaining a license
So, we can get a trial license for free (assuming you have not used all your trials for everything).
- Go to https://admin.microsoft.com/
- Get a trial for Azure AD Premium P1 (any product containing this should also be OK).
- Assign the license to your admin account.
- Wait 5 or 10 minutes, then you should be able to access this:
If you don’t see any URLs, click the ‘restore default’ links.
Now you have 3 options:
- If you will never use Intune, just select None for both MDM and MAM
- Select All
- If you want to use Intune but not all users are licensed, you could choose Some, and then create a dynamic group containing users licensed for Intune as per “Joining Azure AD fails—Can’t connect to URL for your organization’s MDM terms” (4sysops), e.g.
user.assignedPlans -any (assignedPlan.servicePlanId -eq "8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2" -and assignedPlan.capabilityStatus -eq "Enabled")
Once you’ve done this, try and sign in to the computer again and it should work. Note that you may need to reboot a computer if you had already tried and failed to join before making the changes.
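The Some option can also be prepared from PowerShell. This added example (not from the original post) uses the Microsoft Graph PowerShell SDK to preview which users carry the service plan from the rule above and then creates the dynamic group; the group name, mail nickname and sample UPN are hypothetical.

```powershell
# Added example; assumes the Microsoft.Graph PowerShell module is installed.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Service plan ID exactly as it appears in the membership rule on this page.
$planId = '8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2'
$rule   = 'user.assignedPlans -any (assignedPlan.servicePlanId -eq "' + $planId +
          '" -and assignedPlan.capabilityStatus -eq "Enabled")'

# Preview: users the rule should match (same two conditions, evaluated locally).
$licensed = Get-MgUser -All -Property Id, UserPrincipalName, AssignedPlans |
    Where-Object {
        $_.AssignedPlans | Where-Object {
            $_.ServicePlanId -eq $planId -and $_.CapabilityStatus -eq 'Enabled'
        }
    }
$licensed | Select-Object UserPrincipalName

# An unlicensed joining account has to fall outside the MDM user scope.
$joiningUser = 'user@example.com'   # hypothetical UPN
if ($licensed.UserPrincipalName -notcontains $joiningUser) {
    Write-Host "$joiningUser has no enabled plan $planId and will stay outside the group."
}

# Create the dynamic security group (display name and nickname are hypothetical).
$group = New-MgGroup -DisplayName 'Intune licensed users' `
    -MailNickname 'intune-licensed-users' `
    -MailEnabled:$false -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule `
    -MembershipRuleProcessingState 'On'

# Membership is evaluated asynchronously; run this once processing has finished.
# Any user listed here matched the preview but is not yet a group member.
$members = Get-MgGroupMember -GroupId $group.Id -All
$missing = $licensed | Where-Object { $members.Id -notcontains $_.Id }
$missing | Select-Object UserPrincipalName
```

Once the group has populated, select it under Some for the MDM user scope.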
I had this problem after using a trial version of Azure AD Premium. When the trial expired Intune was still enabled but it gave the message given in this post. There was a disable button. Clicking that disabled it. Provided you do this and reboot the computer it all works again.
Hi Mike, when you say “there was a disable button” where was that button and are you saying after clicking that disable button all computers started connecting to Intune?
Thanks
Thanks this worked a treat.
OK great 🙂