Forum Discussion

jangliss's avatar
jangliss
Iron Contributor
Apr 13, 2021
Solved

Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS

Has anybody been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network?   I have a customer running Yealink MP56 phones and the latest firmwa...
microsoft teams
  • jangliss's avatar
    jangliss
    Jun 30, 2021

    So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.

     

    1. Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
    2. Create a new Device Type Restriction
    3. Give it a name
    4. On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
    5. Make sure "Android Device Administration" is set to ALLOW
    6. Click Next
    7. Click Next
    8. Under Assignments click Add Group and select the group of users that are signing into devices.
    9. Click through to finish the setup

     

    Wait a few minutes, and reboot the phone, login again.

     

    I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.

Ruslan_Bakharev's avatar
Ruslan_Bakharev
Brass Contributor
Jun 01, 2021
Hi guys,

We've faced the same issue with T55/T56/MP56/CP960 Yealink Phones.
And I'm pretty sure that it's related to the 1449/1.0.94.2021022403
The simpliest test with them >> upgrade Firmware to the latest one to get 1449/1.0.94.2021022403 on it and then downgrade FW to previous version.
Teams Version will remain the same after downgrade until you make factory reset.
So even with downgraded FW it causes the same issue.
Once you roll back to previous Teams Version by factory reset >> it will work ok.

DIdn't yet test CCX phones with the latest Teams Version but suspect the same issue
Jeroen Dijkman's avatar
Jeroen Dijkman
Brass Contributor
Jun 02, 2021

We have done the same procedure as described by Ruslan_Bakharev and came to the same conclusion. As soon as you upgrade the Teams app to 1449/1.0.94.2021022403 or 1449/1.0.94.2021033002 the logon loop issue occurs.
We have created a ticket with Microsoft and gave them all the usual stuff, logs, software version and even a video of the re-created issue. No useful reaction from MS yet.

 

Additional test:

-Using a cloud only account the issue does not occur. (So it seems linked to hybrid setup)

-Using a hybrid account and enroll the device into Intune, the issue does not occur. (Not clear why)

  • Ruslan_Bakharev's avatar
    Ruslan_Bakharev
    Brass Contributor
    Jun 02, 2021
    Well I've faced same issue with Intune managed device.
    So for me both test phone account (without conditional access) and my personal one with Intune provisioned looked quite similar.
    Overall I've noted in my env 3 different scenarios:
    1) Device freezes during connection/registration stage
    2) Device drops you to the main screen after some period of time during registration stage
    3) Device drops you to the main screen after you provision it with account. It works just for couple of minutes and then nothing.
    At the same time looking into Azure logs you don't see any blockage.
    And even strange in case of scenario 3 Azure removes device completely from AAD which is quite strange.

    I've opened a ticket with MS just recently as well providing logs and video showing the issue 🙂
    Hope it will help at least to investigate it faster.
    Same like BrandonJ365 I had to defer the phones auto update by 90 days in order to avoid impact on sites.
    • Jeroen Dijkman's avatar
      Jeroen Dijkman
      Brass Contributor
      Jun 08, 2021
      So I received feedback from Microsoft. They actually told me to solve the issue you have to allow the IP phone to be enrolled into Intune! Which for me is crazy. The Yealink IP phones we are using still have the Android Device Administrator as management option. Something we do not want to use.
      I have asked to Microsoft if they consider the Intune enrollment as a workaround. Because for me this is not the root cause of the issue.
      I also asked "What if we do not use Intune?". What solution do they have then.
      So I am awaiting their answer.

      To be continued.....
      • Ruslan_Bakharev's avatar
        Ruslan_Bakharev
        Brass Contributor
        Jun 09, 2021
        Hi Jeroen,

        From my personal experience communicating with support regarding Teams Phone devices is that they don't understand how to properly support Teams Phones.
        Recently I've got reply that I need to contact phone vendor for investigation regarding this issue 🙂
        And it's frustrating.

        Android Device Administrator was never properly adopted by Intune for Teams Phone devices that's why there are recommendations to disable multiple inspections for Teams Phones.
        (typical example was Trio 8500/8800 which was never properly working with Intune).

        Intune enrollment is completely not acceptable scenario in example for Common Area Phones which are running with Common Area Phone license (it has no Intune license in it).
        My personal opinion that Teams Phones should not be rolled to Intune until Intune will properly recognize and process such devices.
        Not like it's done right now.

        I'm happy at least that CAP phones are not in Intune and we're trying to do the same for Conference Phones.
        Unfortunately it's not possible for end-users because of Conditional Access.
  • jonasb120's avatar
    jonasb120
    Copper Contributor
    Jun 02, 2021

    Jeroen Dijkman I have too raised with MSFT. thanks for the info. i'll keep this thread updated if i get anywhere with this.

     

     

Resources