Intune enrollment fails with "Enrollment blocked by Device Enrollment Restrictions" and error code 80180014, or messages like "DeviceCapReached" or "Company Portal Temporarily Unavailable." This occurs during Windows Autopilot or manual enrollment when platform restrictions, ownership settings, or device limits block the process.

The Fix

The most common cause is Intune blocking personally owned devices. To fix this:

1. Sign in to https://intune.microsoft.com

2. Go to Devices > Enrollment > Enrollment device platform restrictions

3. Select your restriction policy (often "Default" or "All Users")

4. Under Windows restrictions, set Personally owned to Allow

5. Save and wait 10-15 minutes for the policy to apply

6. Retry device enrollment

If That Doesn't Work: Check Device Enrollment Limits

The default enrollment limit is 15 devices per user. Remove old devices or increase the limit:

1. Go to Devices > Enrollment > Enrollment device limit restrictions

2. Check the current limit

3. Navigate to Users > [Select User] > Devices to count enrolled devices

4. Retire old devices: Devices > All devices > [Select Device] > Retire or Delete

5. If needed, modify the limit restriction and assign it to the user

For users who manage many devices (IT staff, kiosks), add them as Device Enrollment Managers:

1. Go to Devices > Enrollment > Device enrollment managers

2. Click Add, search for the user, and add them

3. DEM accounts can enroll up to 1,000 devices but may conflict with Conditional Access policies

If That Doesn't Work: Verify Intune Licensing

Missing licenses block enrollment:

1. Go to admin.microsoft.com

2. Navigate to Users > Active users > [Select User]

3. Under Licenses and apps, verify Microsoft Intune or a Microsoft 365 license is assigned

4. Assign if missing, wait 5-10 minutes, and retry enrollment

If That Doesn't Work: Clear Stale MDM Enrollment

Previous MDM registrations can cause conflicts. On the affected device, run PowerShell as Administrator:

# Leave current Microsoft Entra join
dsregcmd /leave

# Remove Intune certificates (wildcards are required: -like without * is an exact match)
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Issuer -like "*Microsoft Intune*" -or $_.Subject -like "*Microsoft Intune*" } | Remove-Item -Force

Reboot the device and retry enrollment.

For stuck registry entries blocking enrollment:

# List existing enrollments
reg query "HKLM\SOFTWARE\Microsoft\Enrollments"

# Delete old enrollment GUIDs (replace {GUID} with actual value)
reg delete "HKLM\SOFTWARE\Microsoft\Enrollments\{GUID}" /f
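
Before deleting anything, it helps to see which GUID belongs to which enrollment and which certificates the cleanup filter matches. The inventory below is an added example, not part of the original article. The registry value names it reads (ProviderID, UPN, DiscoveryServiceFullURL, EnrollmentState) are assumed from typical Windows 10/11 enrollments and show as empty if absent, and the backup file name is a placeholder.

```powershell
# Added example: inventory of MDM enrollment keys and Intune-issued certificates.
# Run in an elevated PowerShell session. It does not change the registry or the
# certificate store; the last command only writes a backup file.

$root        = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$guidPattern = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'

# The Enrollments key also holds subkeys that are not enrollments,
# so keep only subkeys whose name is a GUID.
$enrollments = Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match $guidPattern } |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Guid         = $_.PSChildName
            # Assumed value names; a missing value is shown as empty.
            ProviderID   = $p.ProviderID
            UPN          = $p.UPN
            DiscoveryUrl = $p.DiscoveryServiceFullURL
            State        = $p.EnrollmentState
        }
    }

$enrollments | Format-Table -AutoSize -Wrap

# Certificates the cleanup filter would match, with thumbprint and expiry,
# so the removal can be reviewed before it is run.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like '*Microsoft Intune*' -or $_.Subject -like '*Microsoft Intune*' } |
    Select-Object Thumbprint, Subject, Issuer, NotAfter |
    Format-List

# Export the whole key so a deleted GUID can be restored if needed.
reg export "HKLM\SOFTWARE\Microsoft\Enrollments" "$env:TEMP\Enrollments-backup.reg" /y
```

Compare the UPN and discovery URL of each row against the account and tenant you are enrolling into; only rows that point at a previous registration are candidates for the reg delete command above.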

If That Doesn't Work: Fix Hybrid Join and Autopilot Conflicts

For hybrid Microsoft Entra ID joined devices using Autopilot:

1. Open the Autopilot deployment profile in Intune

2. Under Out-of-box experience (OOBE), set User account type to Standard (not Administrator)

3. Disable Skip AD connectivity check if enabled

4. Ensure the device is registered in Autopilot with the correct group tag

Verify Microsoft Entra ID device settings:

1. Go to portal.azure.com > Microsoft Entra ID > Devices > Device settings

2. Set Users may join devices to Microsoft Entra ID to All

3. Navigate to Microsoft Entra ID > Mobility (MDM and MAM) > Microsoft Intune

4. Set MDM user scope to All

Verify

Check enrollment in the Intune admin center under Devices > All devices. The device should appear with the correct ownership type (Corporate or Personal). On the device, go to Settings > Accounts > Access work or school and confirm the connection shows as managed by your organization. Run dsregcmd /status in PowerShell to verify the MDM enrollment URL matches your Intune tenant.
