device management could not be enabled error during login

Dear Robin Boyd,

Thank you for posting your question on the Microsoft Q&A forum.

To better understand the situation, could you please clarify a few details?

• Does the error appear after entering your work email in Word, Excel, or Outlook?
• Is the device personal or managed by your company/organization?
• During the sign-in process, do you see a prompt asking “Allow my organization to manage this device”?

If you only need to sign in to the Office applications and do not need the device to be managed by your organization, selecting “No, sign in to this app only” instead of “Allow my organization to manage this device” may help bypass the error.

The error “Device management could not be enabled” when signing into Microsoft 365 desktop applications usually occurs when the device attempts to automatically enroll into device management (MDM), but the enrollment process is blocked or fails. Below are some steps that might help you:

1/ Reconnect the work account from Windows

• Go to Settings > Accounts > Access work or school.
• Select your work account.
• Click Disconnect.
• Restart your computer.
• Open an Office app and sign in again

2/ Clear Cached Credentials and Identity Data

• Ensure all Office applications are closed.
• Open File Explorer and navigate to the following folders (one at a time):
  • %localappdata%\Microsoft\OneAuth
  • %localappdata%\Microsoft\IdentityCache
• Delete the contents inside these folders. 

3/ Remove Old Credentials

• Open Control Panel
• Go to Credential Manager
• Select Windows Credentials
• Remove entries related to:
  • MicrosoftOffice
  • ADAL
  • AzureAD
  • Office 365
• Restart the computer and try signing in again.

If the issue persists, you may need to check with your IT Administrator to verify the device management configuration if:

• The device is not allowed to enroll.
• The device enrollment limit has been reached
• MDM auto-enrollment policies are misconfigured

I hope this information helps. If you have any additional details or questions, please feel free to share them.

If this response resolves your issue, kindly click Accept Answer and consider upvoting. If you need further clarification, please click Comment.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

The error “device management could not be enabled” during sign-in is typically related to the device being brought under organizational management (MDM/MAM) when that is not desired or not correctly configured.

From the referenced case, this error was triggered after the user accepted the prompt:

“Automatically sign in to all desktop apps and websites on this device”

and chose Yes to allow the organization to manage the device. That decision attempted to enable device management and led to the error.

Actionable steps based on the context:

1. Review whether the device was inadvertently enrolled or partially enrolled into organizational management when that prompt was accepted.
2. If this was not intended (for example, a personal device or a device that should not be MDM-managed), work with the organization’s admin to:
   • Remove or correct the device’s management state in Microsoft Entra ID / Intune.
   • Have the user sign out of the work account on the device and sign back in, declining any prompt that offers to let the organization manage the device if management is not required.
3. If the device is supposed to be managed, ensure that MDM enrollment and policies are correctly configured in the tenant before attempting sign-in again.

If the problem persists after correcting the management choice and device state, escalation to the organization’s IT admin or Microsoft support is required to review the tenant’s device management configuration.

References:

• Device management could not be enabled - Microsoft Q&A