Home

For customers who require desk phones and conference room phones to make and receive audio calls or join meetings, Microsoft Teams provides a growing portfolio of devices that can be purchased from our Teams Marketplace. For Teams phones including the Yealink T56A/T58A/CP960 and the Crestron Flex series IP phones that run on Android 5.x or later, there may be specific configurations that need to be enabled in the customer's tenant for the phones to successfully enroll into Intune.  

 

Allowing successful Intune enrollment for Android versions 5.x and up 

If all the following conditions below are true, you will need to enable a specific configuration setting in the Intune admin console to allow for a successful enrollment: 

  • You are deploying a Teams IP phone with Android OS version 5.x or later. 
  • You have connected your Intune tenant with managed Google Play in order to manage Android Enterprise devices. 
  • You have configured your enrollment restrictions such that Android work profile enrollment restrictions are applied to the end user account that you are using to enroll. 

The recommended deployment configuration is (only one of these two are necessary):  

  • Adjust your enrollment restrictions settings in Intune so that the user you are enrolling the IP phone is not targeted with Android work profile.  This approach is recommended if you are managing Android Enterprise work profile devices in the same Intune tenant as your Teams device. 
  • If you are not actively using Android Enterprise in your Intune tenant, you can remove the connection to managed Google Play following the directions here under "Disconnect your Android enterprise administrative account".  Disconnecting your Intune tenant from managed Google Play will disable Android Enterprise enrollment entirely for your tenant.  Therefore, this option is only recommended if you are not managing any Android Enterprise devices in your Intune tenant.     

We are actively pursuing a fix from the firmware to handle this enrollment flow. Once the fix has been published to the Microsoft Device Management solution and devices have been updated, neither of these workarounds would be necessary regardless of whether the three factors above are all true.

 

Device-based Exception via Intune 

Intune allows creating device compliance policies in the tenant for the Android-based devices accessing organizational data. These policies are applied to user accounts and currently do not provide the ability to distinguish device types on the same operating system (eg: Desk phones vs conventional mobile devices phones). Tenant administrators might need to provide exceptions to user accounts for Teams IP phones to complete sign in. 

8 Comments
Contributor

MFA was enabled in AAD Admin Centre for device join in my tenant. MFA was required to login to the phone but this also prompted the handset to be encrypted which was only possible if a PSU was plugged into the handset according to the on screen warning which could not be bypassed. Disabling MFA resolved. I did this after disabling AFW and was then able to enroll the phone.

 

https://shawnharry.co.uk/2019/01/07/configuring-yealink-t58a-for-microsoft-teams/

 

cvsfbdb.jpg

@shawn harry Hi Shawn, MFA can be enabled without requiring encryption. 

I have a similar device Yealink T58A and it signs-in and kick out automatically, i see the sign-in has been successful when the Intune licenses are turned OFF for the account. I have already Opened a case MS and they suggested me to create an rule exception, which is not working apparently.

Contributor

@Kruthika PonnusamyAware of that but encryption was not enabled in my tenant for MFA. The issue is easily reproducable and when MFA Auth Join was enabled enrollment wasn't possible due to the restrictions i already noted above.

Please provide more information about, how should AAD user (and needed licenses, Intune? etc.) for Android phone should be set-up, some best practice actions, intune compliance policies, shared meeting rooms (exchange resource room mailbox etc.) with shared Yealink phones are needed.

Senior Member

Looking forward to testing once the firmware has been updated to resolve this issue.

Contributor

got answer, thanks

@Maheshwar Tayal - new Yealink desktop phone devices are based on Android OS with preinstalled Microsoft Teams apk