Forum Discussion
Solved
Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS
Has anybody been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network? I have a customer running Yealink MP56 phones and the latest firmwa...
So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.
- Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
- Create a new Device Type Restriction
- Give it a name
- On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
- Make sure "Android Device Administration" is set to ALLOW
- Click Next
- Click Next
- Under Assignments click Add Group and select the group of users that are signing into devices.
- Click through to finish the setup
Wait a few minutes, and reboot the phone, login again.
I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.
Hi All,
An update on our side. We are using Intune and when we allowed the device to be enrolled when the user signs in the issue does not happen.
Not sure why but it seems stable.
An update on our side. We are using Intune and when we allowed the device to be enrolled when the user signs in the issue does not happen.
Not sure why but it seems stable.
Jeroen, can you give additional details on what you had to do to fix it?
We use ADFS with synced accounts to AAD. When I update a phone to latest version, seems ok at first but if user logs out of that phone, they are unable to log back in. Almost like a log in loop. It prompts user for mfa and it almost looks like it is going to log in but then it goes back to original start page where it displays the login code. This happens on or off internal network. I did create a test@company.onmicrosoft.com and it seems to work fine.
Rolling back to older firmware like 6.0.X on Poly CCX phones, user is able to log in again.
We use ADFS with synced accounts to AAD. When I update a phone to latest version, seems ok at first but if user logs out of that phone, they are unable to log back in. Almost like a log in loop. It prompts user for mfa and it almost looks like it is going to log in but then it goes back to original start page where it displays the login code. This happens on or off internal network. I did create a test@company.onmicrosoft.com and it seems to work fine.
Rolling back to older firmware like 6.0.X on Poly CCX phones, user is able to log in again.
- Hi _tricks, what I did was allow the IP phone to enroll into Intune. The Yealink T55A we use has Android version 7.1 and can only be enrolled into Intune as "device administrator" which we actually are blocking for personal devices.
So what we did was upload the serial number of the Yealink phone into Intune as a corporate identifier. This will then allow the device to be enrolled.
When we had the device enrolled into Intune we could log out and back in. Using different user accounts and the device kept working. As soon as I removed the device from Intune enrollment and tried the log out / log in it would get into the loop again.
So without Intune enrollment we still need to downgrade the Teams app version and device firmware......
So you could say this is kind of a workaround.- I've done a single device test successfully doing what Jeroen described...a Trio C60. Our Android version "floor" is currently excluding the single AudioCodes C450HD test device I have and I've not pushed to have the floor lowered just for the test. Registering the device's serial along in InTune didn't get around our Android version limit.
- EVERYONE....please reach out to your TAMs, support engineers, whoever you can and push for greater visibility of this issue! We've had a case open for a month now and getting pretty much nowhere. Last week, MS engaged Poly support believing it to be their problem for some reason...as if it's a base firmware issue rather than a problem with the Teams app code itself.
As I understand it, the base firmware is "owned" by the phone manufacturers. Of course every manufacturers firmware is different. Our Poly phones run Android 9. I know the AudioCodes C450HD runs Android 7. It seems pretty obvious to me that the common thread between Poly, AudioCodes, and Yealink phones is the Teams app code itself, not the base firmware.
Keep in mind that we (the customer) haven't been given control to disable automatic firmware upgrades from Teams Admin Center. The best we can do is defer 90 days. Even if you back-level the code, the phone is going to get the upgrade forced back down to it by Microsoft. And if you miss one setting the 90 day deferral, that 30 days is going to be hitting you very soon.
