Forum Discussion
Teams IP Phones and Android Device Administrator need on Intune
After discussing this topic with Softies I have confirmation that ADA is for now the only way. "For now" is the important part of that statement. So there are already thoughts to change that but currently nothing on roadmap. That means we have to live with ADA still for some time and there is no other way around 😞
After discussing this topic with Softies I have confirmation that ADA is for now the only way. "For now" is the important part of that statement. So there are already thoughts to change that but currently nothing on roadmap. That means we have to live with ADA still for some time and there is no other way around 😞
DaveChomi , The customer ended up using a Device group and finagling the ADA and conditional access to get the phones to log in. However, they still get issues with logging in these phones (or keeping them logged in). I hope MS finds a better solution and provides a detailed deployment guide or some sort of template to use for customers who just want to get their Teams phones signed in.
In our configuration it was advised that we not only needed to bypass CA on the accounts, but also create a device filter on the policies to exclude them. They had no firm reasoning behind it other than "they act strange if you don't filter them out."
Which I can confirm, before we did that I'd have sporadic device accounts just magically sign themselves out.
- Curious, how did you construct your filter? We tried to filter by manufacturer and/or model but it didn't seem to see that information and would ignore the filter and still assume they were Android mobile.
For our environment we are using this as a exclude: device.model -in ["mp56, uc-p10-c, vp59, crestron-touchpanel-1070-t, crestron-touchpanel-770-t"] (in addition to excluding the device acct's)
That was under the guidance of their support engineer that specializes in Teams Android devices in general, she stated without the exclusion they have a habit of acting strange. She stated any CA policy that has either android platform selected, or browser/mobile apps selected in client apps needs to have the devices filtered out. I had been chasing random device account logouts for months and this calmed it down even though it on the surface didn't appear it should have done anything as the accounts already were excluded and we never saw a logged hit on the policies.
