Blog Post

Microsoft Teams Blog
2 MIN READ

Microsoft Teams IP Phones and Intune Enrollment

KruthikaPonnusamy's avatar
KruthikaPonnusamy
Icon for Microsoft rankMicrosoft
Feb 04, 2019

Note: The firmware fix needed to handle the enrollment flow described below has been deployed and the workarounds are no longer needed

 

For customers who require desk phones and conference room phones to make and receive audio calls or join meetings, Microsoft Teams provides a growing portfolio of devices that can be purchased from our Teams Marketplace. For Teams phones including the Yealink T56A/T58A/CP960 and the Crestron Flex series IP phones that run on Android 5.x or later, there may be specific configurations that need to be enabled in the customer's tenant for the phones to successfully enroll into Intune.  

 

Allowing successful Intune enrollment for Android versions 5.x and up 

If all the following conditions below are true, you will need to enable a specific configuration setting in the Intune admin console to allow for a successful enrollment: 

  • You are deploying a Teams IP phone with Android OS version 5.x or later. 
  • You have connected your Intune tenant with managed Google Play in order to manage Android Enterprise devices. 
  • You have configured your enrollment restrictions such that Android work profile enrollment restrictions are applied to the end user account that you are using to enroll. 

The recommended deployment configuration is (only one of these two are necessary):  

  • Adjust your enrollment restrictions settings in Intune so that the user you are enrolling the IP phone is not targeted with Android work profile.  This approach is recommended if you are managing Android Enterprise work profile devices in the same Intune tenant as your Teams device. 
  • If you are not actively using Android Enterprise in your Intune tenant, you can remove the connection to managed Google Play following the directions here under "Disconnect your Android enterprise administrative account".  Disconnecting your Intune tenant from managed Google Play will disable Android Enterprise enrollment entirely for your tenant.  Therefore, this option is only recommended if you are not managing any Android Enterprise devices in your Intune tenant.     

We are actively pursuing a fix from the firmware to handle this enrollment flow. Once the fix has been published to the Microsoft Device Management solution and devices have been updated, neither of these workarounds would be necessary regardless of whether the three factors above are all true.

 

Device-based Exception via Intune 

Intune allows creating device compliance policies in the tenant for the Android-based devices accessing organizational data. These policies are applied to user accounts and currently do not provide the ability to distinguish device types on the same operating system (eg: Desk phones vs conventional mobile devices phones). Tenant administrators might need to provide exceptions to user accounts for Teams IP phones to complete sign in. 

Updated Jun 22, 2021
Version 3.0
Calling
deployment
microsoft teams

59 Comments

Sort By
Show More
  • JoergB's avatar
    JoergB
    Copper Contributor
    May 03, 2019

    Hallo ,

    I am only a Full Feature guy with M365 E5 and Direct Routing and very Limited Time on the day where I can spend for testing implementation of my teams devices I try to find for my adoptions. In this story I also find every Bug ever I believe existing in Teams Phone because we have to switch all  users in once to Teams Direct routing without having the right devices ( my users love Hardware). Now a Bird from Microsoft is spelling me that we have to switch soon to the right mode and the right hardware! 

     

    In my tests I always seen that devices are not registered in the Teams Admin Portal and also I test the intune Integration but I don‘t find that it better run. 

     

    Please is it possible to give a recommendation deployment plan to me so I know how to deploy all in the right and best way for my E5, Dial Only Conference Rooms, Desktop Apps , Phone Apps (IOS). And as you know the UI Feature set of Teams Phone is currently not fit for production and it would be nice to have a deployment plan when it will become interested to roll out.  

    And which Guy in Germany can help me ? But not for selling me hours of service but to share experience and solution in any kind.

  • MarkL's avatar
    MarkL
    Iron Contributor
    Feb 11, 2019

    Looking forward to testing once the firmware has been updated to resolve this issue.

  • Hrvoje Kusulja's avatar
    Hrvoje Kusulja
    MVP
    Feb 08, 2019

    Please provide more information about, how should AAD user (and needed licenses, Intune? etc.) for Android phone should be set-up, some best practice actions, intune compliance policies, shared meeting rooms (exchange resource room mailbox etc.) with shared Yealink phones are needed.

  • shawn harry's avatar
    shawn harry
    Iron Contributor
    Feb 06, 2019

    KruthikaPonnusamyAware of that but encryption was not enabled in my tenant for MFA. The issue is easily reproducable and when MFA Auth Join was enabled enrollment wasn't possible due to the restrictions i already noted above.

  • Swaminathan Balakrishnan's avatar
    Swaminathan Balakrishnan
    Copper Contributor
    Feb 05, 2019

    I have a similar device Yealink T58A and it signs-in and kick out automatically, i see the sign-in has been successful when the Intune licenses are turned OFF for the account. I have already Opened a case MS and they suggested me to create an rule exception, which is not working apparently.

  • shawn harry's avatar
    shawn harry
    Iron Contributor
    Feb 05, 2019

    MFA was enabled in AAD Admin Centre for device join in my tenant. MFA was required to login to the phone but this also prompted the handset to be encrypted which was only possible if a PSU was plugged into the handset according to the on screen warning which could not be bypassed. Disabling MFA resolved. I did this after disabling AFW and was then able to enroll the phone.

     

    https://shawnharry.co.uk/2019/01/07/configuring-yealink-t58a-for-microsoft-teams/