Forum Discussion
jangliss
Apr 13, 2021 - Iron Contributor
Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS
Has anybody who has been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network? I have a customer running Yealink MP56 phones and the latest firmwa...
- Jun 30, 2021
So I have a small update from Microsoft on this, and it's more of a temporary fix from what I understand.
- Log in to https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesEnrollmentMenu/enrollmentRestrictions
- Create a new Device Type Restriction
- Give it a name
- On "Platform Settings" change "Android Enterprise (work profile)" to BLOCK
- Make sure "Android Device Administration" is set to ALLOW
- Click Next
- Click Next
- Under Assignments click Add Group and select the group of users that are signing into devices.
- Click through to finish the setup
Wait a few minutes, reboot the phone, and log in again.
I'm still trying to find out how to resolve the issue correctly, but this seems to have helped most of the cases I've had issues with so far.
Ruslan_Bakharev
Jul 28, 2021 - Brass Contributor
Interesting how the discussion came to a different flow.
In my Microsoft ticket, the engineer confirmed a bug regarding the behavior where the device is freezing/logging out etc. with the new Teams agent.
And new firmware should be released, at least for Yealink devices.
Hope it will be the same for Polycom.
Regarding the CAP license, I don't really get the point.
You don't need to use Intune enrollment for it.
A CAP-licensed account can normally log in via "sign-in from another device", or if you set up some CA policy like IP-based access, you can access via user/password from the phone.
I don't see any real reason to add an Intune license for such accounts.
And it is better to use the same way for Audio Conference devices (with Meeting Room licenses) because Intune is buggy and devices sometimes freeze.
I'm not talking about incidents when Intune degradation caused almost 150+ phones in my company to become unusable (user phones as well).
For user phones it's quite clear. You cannot log in a user without a proper CA and Intune policy combination.
Anyway, we will wait for a fix from Microsoft.
Jeroen Dijkman
Jul 28, 2021 - Brass Contributor
Same for us. I still have an open ticket with MS and they keep asking me to reproduce the issue and send logs. But no confirmation the issue is on their Teams client. So it is good that finally someone within MS is acknowledging this.
For the User devices we do use the Intune enrollment with Device Administrator which prevents (at least for us) the logon loop issue. We have not seen any issues on the phones coming from Intune management so don't really understand what happened in your case.
For CAPs we are using AAD accounts, bypassing the ADFS authentication and the need to add an Intune license. This works well for us. (So far)
But it is interesting to see if the new Teams client for Yealink devices will remediate the need to enroll devices into Intune. Because I agree that for the IP phones there is no real added value to have them enrolled. The TAC management is fine for us.