Forum Discussion
Solved
Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS
Has anybody been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network? I have a customer running Yealink MP56 phones and the latest firmwa...
So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.
- Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
- Create a new Device Type Restriction
- Give it a name
- On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
- Make sure "Android Device Administration" is set to ALLOW
- Click Next
- Click Next
- Under Assignments click Add Group and select the group of users that are signing into devices.
- Click through to finish the setup
Wait a few minutes, and reboot the phone, login again.
I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.
We have done the same procedure as described by Ruslan_Bakharev and came to the same conclusion. As soon as you upgrade the Teams app to 1449/1.0.94.2021022403 or 1449/1.0.94.2021033002 the logon loop issue occurs.
We have created a ticket with Microsoft and gave them all the usual stuff, logs, software version and even a video of the re-created issue. No useful reaction from MS yet.
Additional test:
-Using a cloud only account the issue does not occur. (So it seems linked to hybrid setup)
-Using a hybrid account and enroll the device into Intune, the issue does not occur. (Not clear why)
Well I've faced same issue with Intune managed device.
So for me both test phone account (without conditional access) and my personal one with Intune provisioned looked quite similar.
Overall I've noted in my env 3 different scenarios:
1) Device freezes during connection/registration stage
2) Device drops you to the main screen after some period of time during registration stage
3) Device drops you to the main screen after you provision it with account. It works just for couple of minutes and then nothing.
At the same time looking into Azure logs you don't see any blockage.
And even strange in case of scenario 3 Azure removes device completely from AAD which is quite strange.
I've opened a ticket with MS just recently as well providing logs and video showing the issue 🙂
Hope it will help at least to investigate it faster.
Same like BrandonJ365 I had to defer the phones auto update by 90 days in order to avoid impact on sites.
So for me both test phone account (without conditional access) and my personal one with Intune provisioned looked quite similar.
Overall I've noted in my env 3 different scenarios:
1) Device freezes during connection/registration stage
2) Device drops you to the main screen after some period of time during registration stage
3) Device drops you to the main screen after you provision it with account. It works just for couple of minutes and then nothing.
At the same time looking into Azure logs you don't see any blockage.
And even strange in case of scenario 3 Azure removes device completely from AAD which is quite strange.
I've opened a ticket with MS just recently as well providing logs and video showing the issue 🙂
Hope it will help at least to investigate it faster.
Same like BrandonJ365 I had to defer the phones auto update by 90 days in order to avoid impact on sites.
- So I received feedback from Microsoft. They actually told me to solve the issue you have to allow the IP phone to be enrolled into Intune! Which for me is crazy. The Yealink IP phones we are using still have the Android Device Administrator as management option. Something we do not want to use.
I have asked to Microsoft if they consider the Intune enrollment as a workaround. Because for me this is not the root cause of the issue.
I also asked "What if we do not use Intune?". What solution do they have then.
So I am awaiting their answer.
To be continued.....- Hi Jeroen,
From my personal experience communicating with support regarding Teams Phone devices is that they don't understand how to properly support Teams Phones.
Recently I've got reply that I need to contact phone vendor for investigation regarding this issue 🙂
And it's frustrating.
Android Device Administrator was never properly adopted by Intune for Teams Phone devices that's why there are recommendations to disable multiple inspections for Teams Phones.
(typical example was Trio 8500/8800 which was never properly working with Intune).
Intune enrollment is completely not acceptable scenario in example for Common Area Phones which are running with Common Area Phone license (it has no Intune license in it).
My personal opinion that Teams Phones should not be rolled to Intune until Intune will properly recognize and process such devices.
Not like it's done right now.
I'm happy at least that CAP phones are not in Intune and we're trying to do the same for Conference Phones.
Unfortunately it's not possible for end-users because of Conditional Access.- All of this really points to a lack of maturity in the native Teams phone space. At least as full experience user phones, all of the makes and models we've tested have been terribly slow/laggy in the user interface department. Attempting to manage software updates on them from Teams Admin Center has been frustrating....even ignoring this current issue. We ultimately decided to stay on 3PIP phones for all except conference rooms where there is truly an actual user experience benefit in a Teams native phone....the ability to one touch join a meeting. This at least keeps our pain level to a few hundred phones rather than a few thousand. Plus the user interface on the phones is much snappier when limited to a specific purpose (conference room or common area phone) using the IP Phone Policy.
