For customers who require desk phones and conference room phones to make and receive audio calls or join meetings, Microsoft Teams provides a growing portfolio of devices that can be purchased from our Teams Marketplace. For Teams phones including the Yealink T56A/T58A/CP960 and the Crestron Flex series IP phones that run on Android 5.x or later, there may be specific configurations that need to be enabled in the customer's tenant for the phones to successfully enroll into Intune.  


Allowing successful Intune enrollment for Android versions 5.x and up 

If all of the following conditions are true, you will need to enable a specific configuration setting in the Intune admin console to allow for a successful enrollment:

  • You are deploying a Teams IP phone with Android OS version 5.x or later. 
  • You have connected your Intune tenant with managed Google Play in order to manage Android Enterprise devices. 
  • You have configured your enrollment restrictions such that Android work profile enrollment restrictions are applied to the end user account that you are using to enroll. 

The recommended deployment configuration is one of the following (only one of the two is necessary):

  • Adjust your enrollment restrictions settings in Intune so that the user account you are enrolling the IP phone with is not targeted with Android work profile. This approach is recommended if you are managing Android Enterprise work profile devices in the same Intune tenant as your Teams device.
  • If you are not actively using Android Enterprise in your Intune tenant, you can remove the connection to managed Google Play following the directions here under "Disconnect your Android enterprise administrative account".  Disconnecting your Intune tenant from managed Google Play will disable Android Enterprise enrollment entirely for your tenant.  Therefore, this option is only recommended if you are not managing any Android Enterprise devices in your Intune tenant.     

We are actively pursuing a fix from the firmware to handle this enrollment flow. Once the fix has been published to the Microsoft Device Management solution and devices have been updated, neither of these workarounds would be necessary regardless of whether the three factors above are all true.


Device-based Exception via Intune 

Intune allows creating device compliance policies in the tenant for the Android-based devices accessing organizational data. These policies are applied to user accounts and currently cannot distinguish between device types on the same operating system (e.g., desk phones vs. conventional mobile phones). Tenant administrators might need to provide exceptions to user accounts for Teams IP phones to complete sign-in.


MFA was enabled in AAD Admin Centre for device join in my tenant. MFA was required to log in to the phone, but this also prompted the handset to be encrypted, which was only possible if a PSU was plugged into the handset according to the on-screen warning, which could not be bypassed. Disabling MFA resolved. I did this after disabling AFW and was then able to enroll the phone.





@shawn harry Hi Shawn, MFA can be enabled without requiring encryption. 

I have a similar device, a Yealink T58A, and it signs in and kicks out automatically. I see the sign-in has been successful when the Intune licenses are turned OFF for the account. I have already opened a case with MS and they suggested that I create a rule exception, which is not working apparently.


@Kruthika Ponnusamy Aware of that, but encryption was not enabled in my tenant for MFA. The issue is easily reproducible, and when MFA Auth Join was enabled enrollment wasn't possible due to the restrictions I already noted above.

Please provide more information about how the AAD user (and needed licenses, Intune, etc.) for an Android phone should be set up, some best practice actions, Intune compliance policies, and what is needed for shared meeting rooms (Exchange resource room mailbox etc.) with shared Yealink phones.


Looking forward to testing once the firmware has been updated to resolve this issue.


got answer, thanks

@Maheshwar Tayal - new Yealink desktop phone devices are based on Android OS with preinstalled Microsoft Teams apk


Hello,

I am only a full-feature guy with M365 E5 and Direct Routing, and I have very limited time in the day that I can spend on testing the implementation of the Teams devices I try to find for my adoption. In this story I also find every bug that I believe has ever existed in Teams Phone, because we have to switch all users at once to Teams Direct Routing without having the right devices (my users love hardware). Now a bird from Microsoft is telling me that we have to switch soon to the right mode and the right hardware!


In my tests I have always seen that devices are not registered in the Teams Admin Portal, and I also tested the Intune integration, but I don't find that it runs better.


Please, is it possible to give me a recommended deployment plan so I know how to deploy everything in the right and best way for my E5, dial-only conference rooms, desktop apps, and phone apps (iOS)? And as you know, the UI feature set of Teams Phone is currently not fit for production, and it would be nice to have a deployment plan for when it becomes interesting to roll out.

And which guy in Germany can help me? Not to sell me hours of service, but to share experience and solutions of any kind.

After a long struggle since this post, I was unable to enroll the Yealink device through Intune. It looks like something might have changed on the Microsoft side in Intune. I was successfully able to enroll the Yealink T58A devices with Intune licenses today.

@Swaminathan Balakrishnan can you tell us more about your settings for the Yealink T58A Android phone and the Teams connection with Intune? Do you use an account from a real person with a license, or do you have some separate generic / service account with a license, etc.? Did you do automatic deployment / enrollment to Intune or manual, etc.?


Hi, for us, we did not have MFA enabled in AzureAD, but we do have conditional access set up with MFA to join devices to AzureAD. We are able to log into the device with a Team account (E3), but it says the device is out of compliance, so it signs us out.

EDIT: Resolved by completely enrolling it in Intune and complying with the policies


We just upgraded our T58A and CP690 phones to the Teams Edition and it has definitely been a bear, but we are getting closer... We keep having an issue where we try logging in and it sits there at “we are signing you in please wait” but never goes beyond that until we reboot the phone again. At times we will also receive an error that the device is out of compliance where it will say "Oops - You can't get to this yet." We created a specific policy for Yealink in Intune and had to add the user to it, which isn't ideal because then we can't add them to any others (i.e. iOS or Android for mobile phones). The user has Office 365 E3 with Enterprise Mobility + Security E3 license. My question is: do we know what specific Intune policies and Microsoft licenses are required for the user to successfully log in to Teams on the phone once it is successfully upgraded?


Would like to follow this post. Waiting for the all clear on the following:


We are actively pursuing a fix from the firmware to handle this enrollment flow. Once the fix has been published to the Microsoft Device Management solution and devices have been updated, neither of these workarounds would be necessary regardless of whether the three factors above are all true.