The issue

The reason for this message is usually that the client believes it is in progress of joining a Azure AD tenant, and therefore refuses your request. This state can be caused by a number of events and reasons…

Error 8018000a: “Something went wrong. The device is already enrolled. You can contact your system administrator with the error code 8018000a.

Pre-checks

Some things to verify before proceesing:
– The device should NOT be in your Intune portal https://portal.azure.com/#blade/Microsoft_Intune_Devices
– Verify that the computer is not in fact joined. Run this command in an elevated prompt: dsregcmd /status

The fix

To troubleshoot this issue I used process monitor and found what Windows does when we try to join Azure AD.
After some testing it showed that if we remove the traces from “ongoing Azure AD join” the wizard will continue and succeed.

You can do this by deleting all GUIDs under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
Make sure to NOT delete Context, Ownership, Status and ValidNodePaths.

This can be achieved manually or by the following PowerShell script.

$EnrollmentsPath = "HKLM:\SOFTWARE\Microsoft\Enrollments\"
$Enrollments = Get-ChildItem -Path $EnrollmentsPath
$DiscoveryServerFullUrls = @("https://wip.mam.manage.microsoft.com/Enroll")
Foreach ($Enrollment in $Enrollments) {
$EnrollmentObject = Get-ItemProperty Registry::$Enrollment
if ($EnrollmentObject."DiscoveryServiceFullURL" -in $DiscoveryServerFullUrls ) {
$EnrollmentPath = $EnrollmentsPath + $EnrollmentObject."PSChildName"
Remove-Item -Path $EnrollmentPath -Recurse
& "C:\Windows\System32\deviceenroller.exe /c /AutoEnrollMDM"
}
}