Recently I had a quite weird issue on full fresh Windows 10 1903 Enterprise device after buying a Surface Pro 6.
When trying to add a Microsoft Account (MSA) – which is required to link with my mobile phone, I ended with the error
This program is blocked by group policy.
With the error code 0x800704c
All research I have done related to this error code always went back to some Windows Store issue; despite following all the actions proposed, this was still not working.
The weird thing is the same AAD user account on another device also Azure AD joined to the same tenant and in the same configuration, there was no issue.
After some digging, finally found 2 root causes:
- A registry key, which did not exist in any of the other devices I’m using without issue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Accounts
“AllowMicrosoftAccountConnection”=dword:00000000
“AllowMicrosoftAccountConnection_ProviderSet”=dword:00000001
- The Microsoft Account Sign-in Assistant was in Disabled startup type
The solution is to:
- Set back the Microsoft Account Sign-in Assistant to Manual startup type
- Either delete the registry key reference above or change the value of AllowMicrosoftAccountConnection from 0 to 1