Forum Discussion

jangliss's avatar
jangliss
Iron Contributor
Apr 13, 2021
Solved

Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS

Has anybody been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network?   I have a customer running Yealink MP56 phones and the latest firmwa...
microsoft teams
  • jangliss's avatar
    jangliss
    Jun 30, 2021

    So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.

     

    1. Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
    2. Create a new Device Type Restriction
    3. Give it a name
    4. On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
    5. Make sure "Android Device Administration" is set to ALLOW
    6. Click Next
    7. Click Next
    8. Under Assignments click Add Group and select the group of users that are signing into devices.
    9. Click through to finish the setup

     

    Wait a few minutes, and reboot the phone, login again.

     

    I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.

Jacob_B's avatar
Jacob_B
Copper Contributor
Apr 30, 2021
This ended up being an issue with a DNS server for my phone, but Microsoft and Yealink did not find it.
  • Jeroen Dijkman's avatar
    Jeroen Dijkman
    Brass Contributor
    May 10, 2021
    Hi All,
    An update on our side. We are using Intune and when we allowed the device to be enrolled when the user signs in the issue does not happen.
    Not sure why but it seems stable.
    • _tricks's avatar
      _tricks
      Copper Contributor
      May 10, 2021
      Jeroen, can you give additional details on what you had to do to fix it?
      We use ADFS with synced accounts to AAD. When I update a phone to latest version, seems ok at first but if user logs out of that phone, they are unable to log back in. Almost like a log in loop. It prompts user for mfa and it almost looks like it is going to log in but then it goes back to original start page where it displays the login code. This happens on or off internal network. I did create a test@company.onmicrosoft.com and it seems to work fine.
      Rolling back to older firmware like 6.0.X on Poly CCX phones, user is able to log in again.
      • Jeroen Dijkman's avatar
        Jeroen Dijkman
        Brass Contributor
        May 11, 2021
        Hi _tricks, what I did was allow the IP phone to enroll into Intune. The Yealink T55A we use has Android version 7.1 and can only be enrolled into Intune as "device administrator" which we actually are blocking for personal devices.
        So what we did was upload the serial number of the Yealink phone into Intune as a corporate identifier. This will then allow the device to be enrolled.

        When we had the device enrolled into Intune we could log out and back in. Using different user accounts and the device kept working. As soon as I removed the device from Intune enrollment and tried the log out / log in it would get into the loop again.
        So without Intune enrollment we still need to downgrade the Teams app version and device firmware......

        So you could say this is kind of a workaround.

Resources