Forum Discussion
Solved
Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS
Has anybody been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network? I have a customer running Yealink MP56 phones and the latest firmwa...
So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.
- Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
- Create a new Device Type Restriction
- Give it a name
- On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
- Make sure "Android Device Administration" is set to ALLOW
- Click Next
- Click Next
- Under Assignments click Add Group and select the group of users that are signing into devices.
- Click through to finish the setup
Wait a few minutes, and reboot the phone, login again.
I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.
Today I've tested new FW from Yealink T55(T58A,T56A)-58.15.0.131.rom
Unfortunately the same behavior.
So still pushing MS to continue issue resolution.
Unfortunately the same behavior.
So still pushing MS to continue issue resolution.
I've had sporadic success with doing a factory reset after or before doing a firmware update. Not sure if the local cache is keeping some data that might be the cause or not. If I remember correctly, you can hold the * and # keys when you plug the power in to clear the Teams cache on Yealink devices.
I just did an MP56 and a T56a, both having been factory reset before (mostly because I was an idiot and signed into the wrong phone admin interface), and both successfully logged in after coming back up. I've got more testing to do (login to another tenant without adfs, etc) to see if I can break it again.
I just did an MP56 and a T56a, both having been factory reset before (mostly because I was an idiot and signed into the wrong phone admin interface), and both successfully logged in after coming back up. I've got more testing to do (login to another tenant without adfs, etc) to see if I can break it again.
So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.
- Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
- Create a new Device Type Restriction
- Give it a name
- On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
- Make sure "Android Device Administration" is set to ALLOW
- Click Next
- Click Next
- Under Assignments click Add Group and select the group of users that are signing into devices.
- Click through to finish the setup
Wait a few minutes, and reboot the phone, login again.
I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.
- I was given the same and it was in no way suggested or hinted as being a temporary fix. I still have issues/concerns with the requirement of InTune and am challenging why the Common Area Phone license doesn't include an InTune license if it truly is a requirement. No word back as of yet.
We have implemented the above "solution" and it certainly does resolve the logon loop issue. However, we've seen plenty of inconsistency along the way. For example, in some cases....let's call it 20% of the time, the phone will halt at the feature apps company portal screen as if you are being offered apps to install similar to a mobile phone. Unplugging and replugging the phone gets it booting up to where it should be but still a nuisance.- The latest nugget from the Department of Infinite Wisdom with regard to common area phones:
"I have also reached out to PG from Intune, and they've confirmed Intune license is not required for Common Area Phone, but you will need to disable Conditional Access policies for it to work."
So just disable security features....got it.
