Windows shows "Something went wrong. The device is already enrolled" with error code 8018000a when you try to join a device to Intune. This is typically caused by leftover MDM registry entries from a previous tenant or MAM enrollment.

The Fix

First, run dsregcmd /status in an elevated Command Prompt to check the MDM/MAM status and look for enrollment URLs pointing to old tenants.

Open Registry Editor as administrator and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments

Look for GUID subkeys containing DeviceEnroller, DMClient, Poll, or Push. Check if any point to old enrollment URLs like https://wip.mam.manage.microsoft.com/Enroll. Right-click the problematic GUID folder and rename it to GUID.old (export it first as a backup if needed).

Run this in an elevated PowerShell session:

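# Delete the Enrollments\Status key and everything under it (skipped if the key is absent)
$EnrollmentPath = "HKLM:\SOFTWARE\Microsoft\Enrollments\Status"
if (Test-Path $EnrollmentPath) { Remove-Item -Path $EnrollmentPath -Recurse -Force }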

Reboot the machine, then trigger enrollment:

C:\Windows\System32\deviceenroller.exe /c /AutoEnrollMDM
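An added example, not part of the original article: a PowerShell audit that lists each GUID key under Enrollments with its enrollment URL and the subkeys named above, then exports the MAM-pointing keys and the Status key to .reg files before anything is renamed or deleted. The value names ProviderID, UPN and DiscoveryServiceFullURL and the backup folder are assumptions; run it elevated.

```powershell
# Added example: read-only inventory of enrollment keys plus .reg backups.
# Assumptions: value names ProviderID, UPN, DiscoveryServiceFullURL; $BackupDir is hypothetical.
$Root      = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$RegRoot   = 'HKLM\SOFTWARE\Microsoft\Enrollments'          # same key in reg.exe syntax
$ChildKeys = 'DeviceEnroller', 'DMClient', 'Poll', 'Push'   # subkeys named in the article
$BackupDir = Join-Path $env:TEMP 'EnrollmentBackup'
$GuidRegex = '^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$'

function Get-EnrollmentInventory {
    # One object per GUID subkey; values that do not exist come back empty.
    Get-ChildItem -Path $Root -ErrorAction Stop |
        Where-Object { $_.PSChildName -match $GuidRegex } |
        ForEach-Object {
            $key   = $_
            $props = Get-ItemProperty -LiteralPath $key.PSPath
            $found = $ChildKeys | Where-Object { Test-Path -LiteralPath "$($key.PSPath)\$_" }
            [pscustomobject]@{
                Guid         = $key.PSChildName
                ProviderID   = $props.ProviderID
                UPN          = $props.UPN
                DiscoveryUrl = $props.DiscoveryServiceFullURL
                ChildKeys    = $found -join ','
                IsMamUrl     = [bool]($props.DiscoveryServiceFullURL -like '*wip.mam.manage.microsoft.com*')
            }
        }
}

$inventory = @(Get-EnrollmentInventory)
$inventory | Format-Table -AutoSize -Wrap

# Back up the keys the article has you rename (MAM URL) or delete (Status).
$targets = @($inventory | Where-Object IsMamUrl | ForEach-Object Guid)
if (Test-Path "$Root\Status") { $targets += 'Status' }

if ($targets.Count -gt 0) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($name in $targets) {
        $file = Join-Path $BackupDir "$name.reg"
        & reg.exe export "$RegRoot\$name" $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed for $name" }
        else { Write-Host "Backed up $name to $file" }
    }
}
```

Compare the UPN and DiscoveryUrl columns against the tenant you are enrolling into; a .reg file from the backup folder can be re-imported with reg.exe import if a key has to be restored.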

If That Doesn't Work:

The device may still be registered in the old Intune tenant. Log into the previous tenant at endpoint.microsoft.com, go to Devices > All devices, search for the device, and delete it. Also delete it from Microsoft Entra admin center > Devices > All devices.

If the device is hybrid joined, run dsregcmd /leave in an elevated Command Prompt, reboot, then re-enroll.

If That Doesn't Work:

MAM user scope may be overriding MDM enrollment. In the Microsoft Intune admin center, go to Devices > Enrollment > Windows enrollment > Automatic Enrollment. Set MDM user scope to "All" or your target group, and set MAM user scope to "None". Wait 15 minutes for policy sync, then retry enrollment.

If That Doesn't Work:

Check licensing and enrollment restrictions. In Microsoft Entra, verify the user has an Intune license assigned. In Intune, go to Devices > Enrollment restrictions and confirm the personal/corporate device types match your device ownership. If enrolling more than 15 devices under one account, add the user to Device Enrollment Managers.

Verify

Run dsregcmd /status again and confirm:

  • AzureAdJoined or DomainJoined shows "YES"
  • MDMUrl points to your current Intune tenant
  • No MAMUrl listed (or it matches your MDM tenant)

In Settings > Accounts > Access work or school, you should see your work account connected with "Connected to [Organization] MDM" beneath it.