Microsoft Teams Room Intune mdm

Hi,

Scenario:
The company has branches around the world. IT is managed from a central location, some locations have a small IT department.

Currently on a Skype for Business on-prem solution, but moving batches to Teams.

All PCs are joined to Azure AD, and enrolled in Intune.

Challenges:
We have now bought a lot of Teams Room Systems devices, primarily from Lenovo (but they all run the same Windows version).

We would like to have all enrolled to Intune, so we can create special packages and policies to the units.

Not all devices get by an IT department before setup is done, so we should have a bulletproof solution of deployment.

Questions:
I could instruct the users to sign in with an Intune DEM account, but will it be enough?
In my tests the device only gets the policies as soon as an AAD user signs in.
The Room System is using a local account for the Teams client.
So how do I get the policies enrolled to a local user on the device?

And is my approach the best?
Could we auto enroll/deploy them in a better way?

Many many thanks for your reply, and explanations
3 Replies

No one?

 

@Mads Zaulich Good point. I have exactly the same question. I cannot imagine that we are the only ones having this kind of question. So if someone has an answer, please share it if you can :)

@dennishaxe 

Let me quickly explain how I solved it.

 

I needed to enroll the device in Azure AD. Therefore a DEM account is not enough (hence, the Intune management extension is not pushed to device).

Then I created 2 apps. One app that installed the Microsoft Teams Room Manager. The other one was a Win32 app (therefore we need the management extension). This app was basically a PowerShell script, that made sure the local users got a password and made sure that it signed in automatically. Furthermore, the script also made sure that the device was set up due to company policy with correct backgrounds etc.

So now, when an end user receives a device, we instruct them in powering it up, exiting the setup, and signing in as admin. Join Azure AD. And then just wait for sync. When the sync is done, we will rename the device in Azure AD. And reboot the device, and they are ready to go.

Hope it helps
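
A check that can be run locally as admin once the sync described in the reply above has finished; this is an added example, not the poster's script. It assumes the local room account is named `Skype` (passed as a parameter, adjust to your image) and that the Intune Management Extension runs as the `IntuneManagementExtension` service.

```powershell
# Added example: verifies the state the reply depends on, without reading or
# writing any password.
param(
    [string]$RoomAccount = 'Skype'   # assumption: name of the local room account
)

function Get-JoinState {
    param([string[]]$DsregOutput)
    # dsregcmd prints "Key : Value" lines, e.g. "AzureAdJoined : YES"
    $state = @{}
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

$join     = Get-JoinState -DsregOutput (dsregcmd.exe /status)
$ime      = Get-Service -Name 'IntuneManagementExtension' -ErrorAction SilentlyContinue
$user     = Get-LocalUser -Name $RoomAccount -ErrorAction SilentlyContinue
$winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

$checks = [ordered]@{
    # Device must be Azure AD joined; a DEM enrollment alone is not enough.
    AzureAdJoined       = ($join['AzureAdJoined'] -eq 'YES')
    # Win32 apps are only delivered when the management extension is present.
    ImeServiceRunning   = ($null -ne $ime -and $ime.Status -eq 'Running')
    RoomAccountEnabled  = ($null -ne $user -and $user.Enabled)
    AutoLogonToRoom     = ($winlogon.AutoAdminLogon -eq '1' -and
                           $winlogon.DefaultUserName -eq $RoomAccount)
    # A DefaultPassword value here means the room account password is stored
    # in the registry in clear text, readable by any local administrator.
    NoPlaintextPassword = ($null -eq $winlogon.DefaultPassword)
}

$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
$checks.GetEnumerator() | ForEach-Object {
    '{0,-20} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

# Exit code 0 only when every check passed, so the result can be scripted.
if ($failed.Count -gt 0) { exit 1 } else { exit 0 }
```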