Note: The firmware fix needed to handle the enrollment flow described below has been deployed and the workarounds are no longer needed
For customers who require desk phones and conference room phones to make and receive audio calls or join meetings, Microsoft Teams provides a growing portfolio of devices that can be purchased from our Teams Marketplace. For Teams phones including the Yealink T56A/T58A/CP960 and the Crestron Flex series IP phones that run on Android 5.x or later, there may be specific configurations that need to be enabled in the customer's tenant for the phones to successfully enroll into Intune.
Allowing successful Intune enrollment for Android versions 5.x and up
If all the following conditions below are true, you will need to enable a specific configuration setting in the Intune admin console to allow for a successful enrollment:
You are deploying a Teams IP phone with Android OS version 5.x or later.
You have connected your Intune tenant with managed Google Play in order to manage Android Enterprise devices.
You have configured your enrollment restrictions such that Android work profile enrollment restrictions are applied to the end user account that you are using to enroll.
The recommended deployment configuration is (only one of these two are necessary):
Adjust your enrollment restrictions settings in Intune so that the user you are enrolling the IP phone is not targeted with Android work profile. This approach is recommended if you are managing Android Enterprise work profile devices in the same Intune tenant as your Teams device.
If you are not actively using Android Enterprise in your Intune tenant, you can remove the connection to managed Google Play following the directions here under "Disconnect your Android enterprise administrative account".Disconnecting your Intune tenant from managed Google Play will disable Android Enterprise enrollment entirely for your tenant. Therefore, this option is only recommended if you are not managing any Android Enterprise devices in your Intune tenant.
We are actively pursuing a fix from the firmware to handle this enrollment flow. Once the fix has been published to the Microsoft Device Management solution and devices have been updated, neither of these workarounds would be necessary regardless of whether the three factors above are all true.
Device-based Exception via Intune
Intune allows creating device compliance policies in the tenant for the Android-based devices accessing organizational data. These policies are applied to user accounts and currently do not provide the ability to distinguish device types on the same operating system (eg: Desk phones vs conventional mobile devices phones). Tenant administrators might need to provide exceptions to user accounts for Teams IP phones to complete sign in.