Hi Intune_Support_Team and Scott Duffey
I have seen that https://github.com/cazawideh has last week published two great docs articles regarding Intune compliance and MTR:
https://docs.microsoft.com/en-us/microsoftteams/rooms/conditional-access-and-compliance-for-devices
https://docs.microsoft.com/en-us/microsoftteams/rooms/supported-ca-and-compliance-policies?tabs=mtr-w
I believe the setup doesn't work for me as my DefaultUserName for AutoAdminLogon is "local\Skype". In the best practice article, the example policy mentioned "3. The resource account must be signing in on the Windows device platform". If there is no misunderstanding from my side, the normal design is always that the account which logs in to Windows is always the local Skype account. Can you please clarify this point?
My setup:
- Windows 10 Enterprise 20H2 (19042.1526)
- MTR app version 4.11.12.0
- Azure AD joined and Intune managed device (compliant)
- HP Elite Slice G2
- Local Skype account for AutoLogin
- Pure Online Resource Account licensed with Microsoft Teams Rooms Standard
- Supported meeting mode Microsoft Teams only with Modern Authentication enabled
My issue:
- If the resource account is authenticated against Azure AD, the Sign-in logs "User sign-ins (non-interactive)" show under Device info only the Browser and operating system information; the Device id is empty and Compliant state is no
My test:
- Log in with the Azure AD resource account in Windows and start the Microsoft Teams Room app manually -> Sign-in request considers device information and Conditional Access Policy grants the access based on compliant device state
Thank you
Simon