Forum Discussion
Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS
- Jun 30, 2021
So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.
- Log in to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
- Create a new Device Type Restriction
- Give it a name
- On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
- Make sure "Android Device Administration" is set to ALLOW
- Click Next
- Click Next
- Under Assignments click Add Group and select the group of users that are signing into devices.
- Click through to finish the setup
Wait a few minutes, reboot the phone, and log in again.
I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.
jangliss BrandonJ365 KruthikaPonnusamy
So can anyone actually say they have this working correctly and be confident with the system, as I'm pulling my hair out with this now.
If a user signs in with a CAP license, all is fine. It's up to the point someone signs in with a higher license which includes Intune. The device tries to register into Endpoint but fails. At this point the phone is rendered a paperweight. No one, either with or without an Intune license, can sign in. It either fails and loops round or signs in as "Unknown User".
We only have one CA for MFA. I've added the Enrolment restriction mentioned in the fix for this forum.
Ideally I want any user, CAP or higher, to be able to sign in with no issues and the device not to enrol into Intune. Is this even possible now, as the public MS information is very conflicting? Had no issues up until this update.
Can KruthikaPonnusamy provide a list of everything that's needed to be in place? This would make life a lot easier for all.
Thanks
https://docs.microsoft.com/en-us/microsoftteams/devices/phones-displays-deploy
https://docs.microsoft.com/en-us/microsoftteams/itadmin-readiness#teams-android-devices
At a high level:
1. If you have (Intune license + device management policies set up for the account used to sign into the Teams phone), there are certain requirements you have to meet w.r.t. endpoint management. This is covered in the links above.
2. If you don't have an Intune license, make sure that Intune CA policies are disabled for the account.
3. If you have a CAP license, the Intune license is an add-on. See #2 above.
4. Device management via Teams Admin Center does not provide endpoint management.
- jimgrumbles, Aug 04, 2021 (Copper Contributor): Agreed. Intune seems to just foul things up. Even with devices added with a corporate identifier, Intune feels the need to intervene and declare the device as new and count it towards a user's device limit that can't be raised beyond 15.
- Jeroen Dijkman, Jul 30, 2021 (Brass Contributor): What about companies who do not use Intune or do not want to use Intune for the IP phone management? Is there a solution that Microsoft can offer for these use cases?
I like to compare it to the Teams Meeting Room Devices where you have no need for Intune enrollment.