Forum Discussion

jangliss's avatar
jangliss
Iron Contributor
Apr 13, 2021
Solved

Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS

Has anybody been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network?   I have a customer running Yealink MP56 phones and the latest firmwa...
microsoft teams
  • jangliss's avatar
    jangliss
    Jun 30, 2021

    So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.

     

    1. Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
    2. Create a new Device Type Restriction
    3. Give it a name
    4. On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
    5. Make sure "Android Device Administration" is set to ALLOW
    6. Click Next
    7. Click Next
    8. Under Assignments click Add Group and select the group of users that are signing into devices.
    9. Click through to finish the setup

     

    Wait a few minutes, and reboot the phone, login again.

     

    I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.

Graham_Watling's avatar
Graham_Watling
Copper Contributor
Jul 22, 2021

jangliss BrandonJ365 KruthikaPonnusamy 

 

So can anyone actually say they have this working correctly and be confident with the system as im pulling my hair out with this now.

 

If a user signs in with a CAP license all is fine, Its up to the point someone signs in with higher license which includes intune. The device tries to register into endpoint but fails. At this point the phone is rendered a paper weight, No one either with or without a intune license can sign in. Either fails and loops round or signs in as "Unknown User" 

 

We only have one CA for MFA, Ive added the Enrolment restriction mentioned in the fix for this forum.

 

Ideally i want any user CAP or higher to be able to sign in with no issues and the device not to enrol into intune? Is this even possible now as the public MS information is very conflicting, had no issues up until this update.

 

Can KruthikaPonnusamy provide a list of everything thats needed to be in place? This would make life alot easier for all.

 

Thanks

KruthikaPonnusamy's avatar
KruthikaPonnusamy
Icon for Microsoft rankMicrosoft
Jul 23, 2021
We have recently published tenant admin documentation. The questions you are asking are addressed in either of these 2 links.


https://docs.microsoft.com/en-us/microsoftteams/devices/phones-displays-deploy
https://docs.microsoft.com/en-us/microsoftteams/itadmin-readiness#teams-android-devices

At a high level:
1. if you have (intune license + device management policies setup for the account used to sign into the Teams phone), there are certain requirements you have to meet w.r.t endpoint management. This is covered in the links above.
2. If you dont have intune license, make sure that Intune CA policies are disabled for the account.
3. If you have CAP license, Intune license is an add-on. See #2 above.
4. Device management via Teams Admin Center does not provide endpoint management.
  • jimgrumbles's avatar
    jimgrumbles
    Copper Contributor
    Aug 04, 2021
    Agreed. InTune seems to just foul things up. Even with devices added with a corporate identifier InTune feels the need to intervene and declare the device as new and count it towards a user's device limit that can't be raised beyond 15.
  • Jeroen Dijkman's avatar
    Jeroen Dijkman
    Brass Contributor
    Jul 30, 2021
    What about companies who do not use Intune or do not want to use Intune for the IP phone management? Is there a solution that Microsoft can offer for these use cases?
    I like to compare it to the Teams Meeting Room Devices where you have no need for Intune enrollment.

Resources