Forum Discussion
Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS
So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.
- Login to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
- Create a new Device Type Restriction
- Give it a name
- On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
- Make sure "Android Device Administration" is set to ALLOW
- Click Next
- Click Next
- Under Assignments click Add Group and select the group of users that are signing into devices.
- Click through to finish the setup
Wait a few minutes, and reboot the phone, login again.
I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.
In my microsoft ticket engineer confirmed a bug regarding the behavior when device is freezing/logging-out etc. with new Teams agent.
And there should be released new firmware at least for Yealink devices.
Hope will be the same for Polycom.
Regarding CAP license I don't really get the point.
You don't need to use Intune enrollment for it.
CAP licensed account can normally login via "sign-in from another device" or if you setup some CA policy like IP based access you can access via user/password from the phone.
I don't see any real reason to add Intune license for such accounts.
And better to use the same way for Audio Conference devices (with Meeting room licenses) because Intune is buggy and devices sometimes freezes.
I'm not talking about incidents when Intune degradation caused almost 150+ phones in my company becomes unusable (user phones as well).
For user phones it's quite clear. You cannot login user without proper CA and Intune policy combination.
Anyway we will wait for a fix from microsoft.
- Same for us. I still have an open ticket with MS and they keep asking me to reproduce the issue and send logs. But no confirmation the issue is on their Teams client. So it is good that finally someone within MS is acknowledging this.
For the User devices we do use the Intune enrollment with Device Administrator which prevents (at least for us) the logon loop issue. We have not seen any issues on the phones coming from Intune management so don't really understand what happened in your case.
For CAP's we are using AAD accounts bypassing the ADFS authentication and the need to add an Intune license. This works well for us. (So far)
But it is interesting to see if the new Teams client for Yealink devices will remediate the need to enroll devices into Intune. Because I agree that for the IP phones their is no real added value to have them enrolled. The TAC management is fine for us. - Very interesting. I've been "screaming" about logout issues for a long time now and have yet to be given any indication that anyone else has had those issues, any code fixes, or anything! I have been told that we aren't the only ones with the new InTune enrolled devices NOT checking in daily like they should. I tend to believe this is related to the logout issues but can't say for sure.
It's funny you mention logout issues because that's come up with a couple of my customers recently too since this firmware updates. I suspect it's tied to Intune as well. An issue discussed on a Poly partner call yesterday was the same device registering multiple times under a single account, causing the account to run into the max device limitations, we've seen that with a few customers as well.
We've been testing the registration exception with a number of folks to see the impact.
What is this registration exception you mentioned? I'm testing out six different Yealink phones and have hit the InTune device limit by logging on and off the same devices too many times. I'm assuming if a user were to log in and out of their desk phone more than 15 times they will hit the limit?
