Share via

Autopilot / work or school account setup lock.

Eddie Gadd 0 Reputation points
2026-03-10T15:31:59.4+00:00

Windows 11 setup is forcing a work or school sign-in from a previous organisation after a clean reinstall. The device was deleted from Entra ID, Intune, and Windows Autopilot, but OOBE still binds to the old tenant.

Microsoft Security | Intune | Enrollment
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-10T15:32:11.89+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The device is still going through the “Set up for work or school” path and being treated as a personal device, so OOBE is trying to enroll it back to an organization. Deleting the device objects from Microsoft Entra ID, Intune, and Windows Autopilot alone does not change that behavior.

    Two supported ways to break this loop are:

    1. Allow this enrollment path (personal device) for the affected users
      1. In the Microsoft Intune admin center, go to Devices > Enroll devices > Enrollment device platform restrictions.
      2. Select Windows restrictions > Create restriction (or edit an existing one for the target users).
      3. On Platform settings, set Personally owned devices to Allow.
      4. Assign this restriction to the user group that needs to complete OOBE.
      5. Re-run OOBE and choose Set up for work or school; the device will join Microsoft Entra ID and enroll in Intune.
      If personal Windows enrollment is blocked for security reasons, scope this “Allow” policy only to a small group of users who need it.
    2. Use Windows Autopilot instead of the “Set up for work or school” personal path If personal enrollment must remain blocked, enroll the device as a corporate Autopilot device and let OOBE run in user‑driven mode:
      1. Register the hardware in Windows Autopilot and assign a Windows Autopilot deployment profile.
      2. In the profile, use Deployment mode: User-driven and the desired Join to Microsoft Entra ID as option.
      3. Distribute the device and let OOBE run; Autopilot will:
        • Detect the assigned profile.
        • Join the device to Microsoft Entra ID.
        • Enroll it into Intune and apply policies.

    If the device was previously only “Microsoft Entra registered” (Workplace join) and not properly cleaned up, ensure all old device objects are removed from:

    • Microsoft Intune
    • Microsoft Entra ID
    • Windows Autopilot

    Then re-register and re-enroll the device using Autopilot or the allowed personal enrollment path.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.