Forum Discussion
Problems with Native Teams desk phones as Common Area Phones
We're having the same issue as the OP.
The common area phone accounts in question are in Teams Only mode.
Some persons are still in Hybrid, but this shouldn't matter as the CAP is Teams Only, licensed, and configured properly.
The problem comes when the device is trying to register with the tenant and InTune it will loop and eventually go back to the sign in screen.
There are logs in the Azure tenant where the initial log in is a success, but registration is a failure due to "a change by your administrator, or you need to register for MFA". The account is exempted from MFA in conditional access, and has enrollment restrictions enabled for device administrator as well as been added as a Corporate managed device with serial number. Trying to log in with a normal account on the phone is a success with no MFA. Conditional Access "What If" testing shows no policies applied with the current scenario.
Very interesting issue.
MTSBob : We had something similar issue with Multifactor. Our workaround was to sign onto office.com as the user account then when fully signed on open another tab and go to microsoft.com/devicelogin and complete the process. Note: even though the broker window says you can close the window do not until the setup has completed. This solved the endless sign-on issue for us.