Forum Discussion

MTSBob's avatar
MTSBob
Steel Contributor
Sep 15, 2020
Solved

Problems with Native Teams desk phones as Common Area Phones

Has anyone gotten this to work? I've provisioned several user accounts to assign CAP license to as follows (and waited more than 48 hours):   1. Common Area Phone License 2. Microsoft 365 Domestic...
Calling
microsoft teams
  • RMLee's avatar
    RMLee
    Sep 25, 2020

    ChrisWebbTech 

     

    We're having the same issue as the OP.

    The common area phone accounts in question are in Teams Only mode.

    Some persons are still in Hybrid, but this shouldn't matter as the CAP is Teams Only, licensed, and configured properly.

    The problem comes when the device is trying to register with the tenant and InTune it will loop and eventually go back to the sign in screen.

     

    There are logs in the Azure tenant where the initial log in is a success, but registration is a failure due to "a change by your administrator, or you need to register for MFA". The account is exempted from MFA in conditional access, and has enrollment restrictions enabled for device administrator as well as been added as a Corporate managed device with serial number. Trying to log in with a normal account on the phone is a success with no MFA. Conditional Access "What If" testing shows no policies applied with the current scenario.

     

    Very interesting issue.

RMLee's avatar
RMLee
Copper Contributor
Sep 25, 2020

ChrisWebbTech 

 

We're having the same issue as the OP.

The common area phone accounts in question are in Teams Only mode.

Some persons are still in Hybrid, but this shouldn't matter as the CAP is Teams Only, licensed, and configured properly.

The problem comes when the device is trying to register with the tenant and InTune it will loop and eventually go back to the sign in screen.

 

There are logs in the Azure tenant where the initial log in is a success, but registration is a failure due to "a change by your administrator, or you need to register for MFA". The account is exempted from MFA in conditional access, and has enrollment restrictions enabled for device administrator as well as been added as a Corporate managed device with serial number. Trying to log in with a normal account on the phone is a success with no MFA. Conditional Access "What If" testing shows no policies applied with the current scenario.

 

Very interesting issue.

MTSBob's avatar
MTSBob
Steel Contributor
Sep 25, 2020

Thanks for confirming! RMLee 

Resources