We had one phone (Yealink MP54) that was updated, where we encountered sign-in loop issues. After reading this article, we followed the process, created the AOSP policy in Intune, and the user successfully signed into the phone, happily enrolling it into Intune as an AOSP device. However, updating other MP54s to the same firmware didn't automatically update the phone from DA to AOSP. In TAC, the Company Portal app has disappeared from the phones, and Intune and Authenticator are on the phone now, but there is no change in Intune; the device is still enrolled as Device Admin. What do we need to do to start the process? We thought it was automatic.
On the other hand, we had a few MP52s (E1) that will never receive an update. However, very recently, we started seeing sign-in issues. What we see in Entra is sign-in failure 50199 (User confirmation is required for this request. Please repeat the request allowing user interaction), no CAP. Next, the user is prompted to provide MFA; this time, MAM CAP is applied, which is enforcing MFA. However, this CAP has an excluded filter applied for "Manufacturer contains Yealink," which means that all Yealink devices should have been excluded from this policy, but they are not anymore. Has anything changed recently with DA to AOSP migration that would break CAP exclusion filters? If users press X on the device, they go to the home screen and the device is enrolled as DA in Intune, but Entra is showing us sign-in failures.