Microsoft 365 Apps activation error: “Your organization has disabled this device”

When trying to activate Microsoft 365 apps, you might encounter the following error:

Your organization has disabled this device

Try the following troubleshooting methods to solve the problem.

Note Some of these troubleshooting methods can only be performed by a Microsoft 365 admin. If you aren’t an admin, see How do I find my Microsoft 365 admin?

Enable the device in Azure Active Directory (Azure AD)
  1. Sign in to the Azure portal.
  2. Select Azure Active Directory > Devices.
  3. Check the disabled devices list in Devices, by searching on the user name or device name.
  4. Select the device, and then select Enable.

If the device has been deleted in Azure AD, you need to re-register it.

  1. Go to Settings > Accounts > Access Work or School.
  2. Select the account and select Disconnect.
  3. Select Connect and register the device again by going through the sign in process.

Reset Microsoft 365 activation state

Run the Microsoft Support and Recovery Assistant (SaRA) to reset the Microsoft 365 activation state.

For manual steps or more information, see Reset Microsoft 365 Apps for enterprise activation state.

Check for a duplicate device

An admin can check for duplicate devices that might be blocking activation, and remove them. For instructions, see How To: Manage stale devices in Azure AD.

After the duplicate device is removed , delete your BrokerPlugin data and then reinstall it using the following steps:

  1. Open File Explorer, and put the following location in the address bar:
    %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts
  2. Press CTRL + A to select all.
  3. Right-click in the selected files and choose Delete.
  4. Put the following location in the File Explorer address bar:
    %LOCALAPPDATA%\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts
  5. Select all files and delete them.
  6. Restart the device.
  7. Download and run the SaRA package for sign in issues.

For manual troubleshooting for step 7, or for more information, see Fix authentication issues in Office applications when you try to connect to a Microsoft 365 service.


Make sure the device is enrolled in Mobile Device Management (MDM)

Check whether the device is enrolled in MDM using the information in the Tenant Details section of Troubleshoot devices by using the dsregcmd command.

If it isn’t, an admin can configure MDM enrollment in Azure AD using the information in Set up enrollment for Windows devices.

After that, enroll the device in MDM. For instructions, see MDM enrollment of Windows 10-based devices.

Sign in to Azure AD
  1. Open a Command Prompt window as an administrator. From Start, type cmd.exe in the search box, right-click Command Prompt in the list, and then select Run as administrator.
  2. Type the following command, and then press Enter: dsregcmd /forcerecovery
  3. Select Sign in in the dialog box that appears, and complete sign in.
  4. From Start, select your profile, and then select Sign out.
  5. Sign in to Windows again and try to activate Microsoft 365 Apps.

Leave and rejoin Azure AD
  1. Open a Command Prompt window as an administrator. From Start, type cmd.exe in the search box, right-click Command Prompt in the list, and then select Run as administrator.
  2. Type the following command, and then press Enter: dsregcmd /status
  3. Check if the device is joined to Azure AD. For more details, see Troubleshoot devices by using the dsregcmd command.
  4. If the AzureAdjoined value is YES, continue to step 5. If it’s NO, skip to step 11.
  5. Type the following command, and then press Enter: dsregcmd /leave
  6. Type the command dsregcmd /status again and press Enter.
  7. Verify that the AzureAdjoined value is NO.
  8. Restart the device.
  9. Open a Command Prompt as administrator, and type the dsregcmd /status command again.
  10. If the AzureAdjoined value is YES, try to activate Microsoft 365 Apps again. If it’s NO, continue to the next step.
  11. Download PsExec.
  12. Return to the Command Prompt and type the following command: psexec -i -s cmd.exe
  13. In the new Command Prompt window that opens, type the following command: dsregcmd /join
  14. Type the dsregcmd /status command again, and verify that the AzureAdjoined value is YES.
  15. Try to activate Microsoft 365 Apps again.

Additional troubleshooting

If the above methods don’t solve the problem, try the troubleshooting methods in Microsoft 365 Apps activation error: “Sorry, another account from your organization is already signed in on this computer”