Low severityauthentication
Power BI Error:
AADSTS240001, User Not Authorized to Join Devices to Entra ID
What does this error mean?
The signed-in user lacks permission to bulk-register or join devices to Microsoft Entra ID (Azure AD).
Common causes
- 1Device settings in Entra ID restrict 'Users may join devices to Microsoft Entra' to a specific group that excludes this user
- 2The user account used to generate the bulk enrollment provisioning package lacks the Cloud Device Administrator or Intune Administrator role
- 3Per-user device quota (Maximum number of devices per user) has been reached for the account performing the bulk join
- 4The bulk AAD Join token (created via Windows Configuration Designer) was generated by an unauthorized account or has expired (tokens are valid 180 days)
- 5Conditional Access or MFA requirements blocked the device-registration service principal for this user
How to fix it
- 1In the Entra admin center → Devices → Device settings, set 'Users may join devices to Microsoft Entra' to All (or add the user to the allowed group)
- 2Assign the account creating the bulk token the Cloud Device Administrator role (or have a Global/Intune Administrator generate the provisioning package)
- 3Check the user's device count under Devices → All devices and increase the 'Maximum number of devices per user' quota if it's been hit
- 4Re-create the bulk enrollment token in Windows Configuration Designer with an authorized account and reprovision the device with the fresh package
- 5Review Conditional Access policies targeting the 'Microsoft Device Registration Service' app and exclude the bulk-join account or device-registration flow