Windows Autopilot or MDM enrollment fails during OOBE or pre-provisioning with error code 0x80180014, displaying "Something went wrong. This feature is not supported" or "Your organization does not support this version of Windows." The device stops at enrollment and will not proceed.
The Fix
Intune enrollment restrictions are blocking the device. Check and modify the restriction policy:
1. Sign in to the Microsoft Intune admin center.
2. Navigate to Devices > Enroll devices > Enrollment restrictions.
3. Select Device type restrictions or the policy applied to your users.
4. Edit the policy and ensure Windows (MDM) is set to Allow.
5. If enrolling personally owned devices, set Personally owned devices to Allow.
6. Save changes and wait 5-10 minutes for policy propagation.
7. Reset the device and retry Autopilot.
If That Doesn't Work: Unblock the Device
Pre-provisioned or userless devices can get stuck in a blocked state in Intune:
1. Go to Endpoint Manager > Devices > Windows > All devices.
2. Search for the device by serial number or hardware hash.
3. Select the device and click Unblock (or Allow next enrollment).
4. Wait a few minutes, then restart the device and retry enrollment.
If That Doesn't Work: Delete Stale Device Records
Previous enrollment records cause conflicts during re-enrollment:
1. In Endpoint Manager > Devices > Windows > All devices, find and delete the device record.
2. Go to Azure AD > Devices and delete any matching Azure AD device objects.
3. For hybrid Azure AD join scenarios, delete the on-premises AD computer object and sync with Azure AD Connect.
4. Wait 15 minutes for deletions to propagate.
5. Reset the device and re-run Autopilot.
If That Doesn't Work: Verify Auto MDM Enrollment Scope
The user might not be authorized for automatic enrollment:
1. Navigate to Devices > Enroll devices > Automatic enrollment.
2. Check MDM user scope—ensure it includes the user attempting enrollment (set to All or add the user to a Selected group).
3. Also verify Azure AD > Mobility (MDM and MAM) settings point to Intune.
If That Doesn't Work: Check Event Logs
Get detailed error information from the device:
1. Open Event Viewer on the device.
2. Navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.
3. Look for Event IDs 11, 52, 55, 59, or 71.
4. Review error messages for specific server responses like "DeviceNotSupported" or certificate parsing errors.
5. Use event details to determine if it's a policy block, unsupported edition, or backend issue.
PowerShell to remove a device from Intune (use cautiously):
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.ReadWrite.All"
Find device by serial number
$device = Get-MgDeviceManagementManagedDevice -Filter "contains(serialNumber,'YOUR_SERIAL_HERE')"
Delete device record
Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $device.IdCommon Mistakes to Avoid
Do not broadly enable personally owned device enrollment without understanding the scope—only adjust policies blocking your specific scenario. Do not delete device records without confirming the serial number first. Do not apply registry fixes; this is a tenant-side policy issue. Do not factory reset repeatedly without fixing the underlying Intune or Azure AD block.
Verify
After making policy changes, wait 5-10 minutes, then reset the device and restart Autopilot. The enrollment should proceed past the initial MDM registration phase without error 0x80180014. Check Devices > Windows > All devices in Intune to confirm the device appears with "Enrolled" status. For pre-provisioning, the white glove process should complete successfully and hand off to user OOBE.
Todd
Need Help with Windows Autopilot in the Seattle Area?
If you're struggling with Autopilot enrollment errors or MDM deployment issues, Rain City Techworks provides IT support throughout the Seattle, Tacoma, and Puget Sound region. We specialize in Intune, Autopilot, and device enrollment for businesses.