2

This is regarding the Free AzureAD that comes bound to office365 business premium.

In previous deployments (these are very small hence no real budget to look at MDM and the extra subscriptions for that functionality).

But this customer cannot join to the AzureAD. Everytime I attempt to do so I get the error:

"looks like we can't connect to the URL for your organization's MDM terms of use. Try again, or contact your system administrator with the problem information from this page"

I've looked everywhere, and I simply cannot find what the issue is.

please help

Nathan
  • 21
  • 1
  • 1
  • 2
  • Where is "the problem information from this page"? Also, if you have "looked everywhere", please detail exactly what you have done. Otherwise, you will receive suggestions to do things again, as you have not stated that you have done them. – Michael Hampton Aug 23 '18 at 15:21

4 Answers4

1

Have you used the automatic MDM enrollment?

If a user is configured to require automatic enrollment during Azure AD Join, this enrollment becomes a mandatory step to configure Windows. If the MDM enrollment fails, then the device will not be joined to Azure AD.

And every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid Azure Active Directory Premium license.

For the details, you can refer to Azure Active Directory integration with MDM.

SunnySun
  • 231
  • 1
  • 4
  • Can you clarify how this can be turned off? We have not requested MDM, we don't have InTune, we just want users to be able to log in to a PC that is outside the office AD domain. It is really frustrating that this seems to demand a premium service that effectively doubles the per-user cost. The links all tell me how to buy a service I don't want or need. – Quango Nov 08 '18 at 13:04
  • If you want to turn off MDM, you could refer to this link:https://support.office.com/en-us/article/how-to-turn-off-mobile-device-management-in-office-365-2709cafb-0a8b-44bc-8494-7e2fccfa2b19 – SunnySun Nov 09 '18 at 01:26
  • I did find this article researching this. First problem: there is no "security policies" menu - `Security & Compliance Center> Security policies > Device security polices.` The article is out of date. – Quango Nov 09 '18 at 16:00
1

I just had the same issue with a tenant that I inherited, I signed up for a trial of Azure Premium P2 (or you should be able to sign up for one license if you used the trial already), assigned a license to my global admin, Azure portal, Azure AD, MDM, InTune, changed the scope of MDM/MAM to None, waited a short while and it started to work.

Microsoft Office 365 support couldn't help me. They passed me to Azure Professional Support who couldn't help me. They passed me to InTune support but in the meantime I gave my theory a try and fixed it.

Very frustrating that the settings be hidden when there is no active license, they should be visible but locked.

kenlukas
  • 2,886
  • 2
  • 14
  • 25
AKUK
  • 11
  • 1
0

Another problem could be that the URLs for Terms of Use and/or Discovery are not FQDN (Fully qualified domain name), i.e. mysubdomain.onmymaindomain.com

https://stackoverflow.com/questions/54884812/azure-ad-is-not-redirecting-to-the-mdm-term-of-use-url

Icaro Battle
  • 1
0

In our case, SunnySun is correct: "Automatic MDM enrollment with Azure AD Join must be assigned a valid Azure Active Directory Premium license."

HOWEVER,

We were on a trial and it expired. The setting to change this requirement or setting is not available without a valid license so we are screwed at the moment.

naps1saps
  • 168
  • 2
  • 12