OPERATIONAL DEFECT DATABASE
...
...
When attempting to enroll, the user receives one of the following "Enrollment Blocked" errors: "Your account is not allowed to enroll. Please contact your system administrator." "Enrollment blocked: You are not allowed to enroll your device. Please contact your administrator." "This device is registered to another user. Contact your administrator"
This behavior may occur when the account has been blocked, or another user is registered to the device, or when settings are not configured as expected in the Workspace ONE UEM Console. "Your account is not allowed to enroll. Please contact your system administrator." It is possible that the settings on the UEM Console do not allow external accounts(accounts not yet added to the UEM console) to enroll the device. "Enrollment blocked: You are not allowed to enroll your device. Please contact your administrator." The console admin might have configured settings that restrict enrollment to only Registered devices. This issue occurs if the device is not registered by the admin.The device may already be enrolled in UEM in another organizational group, and a combination of factors (device type and UEM settings) prevent re-enrollment. Find the device in the console, delete it, and re-enroll. "Enrollment blocked: This device is registered to another user. Contact your administrator" This issue occurs on Corporate-Owned devices where the device is still registered to the previous user. You must delete and re-register the device with the new user.
To resolve these errors, verify whether the restrictions below are currently in place: "Your account is not allowed to enroll. Please contact your system administrator." Within the Workspace ONE UEM Console, switch your view to the organization group where the device is attempting to enroll, then navigate to Groups & Settings > All Settings > Devices & Users > General > Enrollment.Click on Restrictions and determine if any enrollment restrictions are in place. If the Restrict Enrollment To Known Users option is selected, ensure the relevant user account is already present in the Console before enrollment.If the option Restrict Enrollment To Configured Groups is selected, ensure that the user is included in those approved user groups. Note: If you would prefer that no restrictions are in place, disable the two options listed above. "Enrollment blocked: You are not allowed to enroll your device. Please contact your administrator." Within the Workspace ONE UEM Console, switch your view to the organization group where the device is attempting to enroll, then navigate to Groups & Settings > All Settings > Devices & Users > General > Enrollment.Under the Authentication tab, check the Device Enrollment Mode setting. It will be set to 'Registered devices only'. Navigate to the UEM Console home screen and click Accounts > Users > List View.Select the user in question and click Add Device located on the top-right section.Fill in the required details to register a device for the user and save the changes. Try enrollment after making these changes. "Enrollment blocked: This device is registered to another user. Contact your administrator" Log into the relevant Workspace ONE UEM ConsoleNavigate to Devices > Lifecycle > Enrollment Status and search for the affected device using the parameter used to register the device previously(e.g. Serial number, IEMI number etc.). Alternatively, you can also search for the user to which the device was previously enrolled.When the device is found, click on the check box next to the device name. Click More Actions as shown in the image below and revoke the token from the device and click Delete. Ensure to double-check if you are deleting the correct device and it is not currently enrolled to any user. When the device registration is deleted, register this device again with the new user. Register the device following steps as suggested in the Error 2 resolution and ask the user to enroll the device. If you are attempting to unenroll and reenroll the same device into Workspace ONE, see How to Unenroll and Reenroll devices into Workspace ONE UEM.
See the "Enrollment Denied, Device Not Approved" error during Workspace ONE enrollment if you are experiencing this error. If you are receiving a 403 error, please utilize this resource: "403: Not allowed" error when enrolling devices based on tag assignment.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
