Workspace ONE UEM: Mobile Device Management (MDM) was blocked

This time just a small blog post to help people having the same problem as me. I was trying to enroll a Windows 10 device in Workspace ONE UEM and was unsuccessful.

The problem

The onboarding was initially done via the command-line enrollment and I noticed after the setup was done the device was not added in the Workspace ONE UEM admin console.

When I looked in the WS1 Hub log file location C:\ProgramData\AirWatch\UnifiedAgent\Logs, specifically log file DeviceEnrollment.log, I noticed the following error:

Mobile Device Management was blocked, possibly by Group Policy or the SetManagedExternally function

When I installed the agent manually, I saw the same error message:

The solution

After some digging on the internet, I found out the problem. It turned out to be pretty simple. In my case, the device had a registry setting configured which was disallowing MDM enrollment.

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\MDM

“DisableRegistration” was set to “1“. Configuring this to “0” solved the problem:

Please note this could also be a GPO forcing this setting. However, this was not the case in my lab:

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Share this:

Like this:

Leave a Reply Cancel reply