Microsoft Teams IP Phones and Intune Enrollment

Published Feb 04 2019 12:06 PM 64.2K Views

Note: The firmware fix needed to handle the enrollment flow described below has been deployed and the workarounds are no longer needed

 

For customers who require desk phones and conference room phones to make and receive audio calls or join meetings, Microsoft Teams provides a growing portfolio of devices that can be purchased from our Teams Marketplace. For Teams phones including the Yealink T56A/T58A/CP960 and the Crestron Flex series IP phones that run on Android 5.x or later, there may be specific configurations that need to be enabled in the customer's tenant for the phones to successfully enroll into Intune.  

 

Allowing successful Intune enrollment for Android versions 5.x and up 

If all the following conditions below are true, you will need to enable a specific configuration setting in the Intune admin console to allow for a successful enrollment: 

  • You are deploying a Teams IP phone with Android OS version 5.x or later. 
  • You have connected your Intune tenant with managed Google Play in order to manage Android Enterprise devices. 
  • You have configured your enrollment restrictions such that Android work profile enrollment restrictions are applied to the end user account that you are using to enroll. 

The recommended deployment configuration is (only one of these two are necessary):  

  • Adjust your enrollment restrictions settings in Intune so that the user you are enrolling the IP phone is not targeted with Android work profile.  This approach is recommended if you are managing Android Enterprise work profile devices in the same Intune tenant as your Teams device. 
  • If you are not actively using Android Enterprise in your Intune tenant, you can remove the connection to managed Google Play following the directions here under "Disconnect your Android enterprise administrative account".  Disconnecting your Intune tenant from managed Google Play will disable Android Enterprise enrollment entirely for your tenant.  Therefore, this option is only recommended if you are not managing any Android Enterprise devices in your Intune tenant.     

We are actively pursuing a fix from the firmware to handle this enrollment flow. Once the fix has been published to the Microsoft Device Management solution and devices have been updated, neither of these workarounds would be necessary regardless of whether the three factors above are all true.

 

Device-based Exception via Intune 

Intune allows creating device compliance policies in the tenant for the Android-based devices accessing organizational data. These policies are applied to user accounts and currently do not provide the ability to distinguish device types on the same operating system (eg: Desk phones vs conventional mobile devices phones). Tenant administrators might need to provide exceptions to user accounts for Teams IP phones to complete sign in. 

57 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-339218%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-339218%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F45060%22%20target%3D%22_blank%22%3E%40Maheshwar%20Tayal%3C%2FA%3E%26nbsp%3B-%20new%20Yealink%20desktop%20phone%20devices%20are%20based%20on%20Android%20OS%20with%20preinstalled%20Microsoft%20Teams%20apk%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-339215%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-339215%22%20slang%3D%22en-US%22%3E%3CP%3Egot%20answer%2C%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-334409%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-334409%22%20slang%3D%22en-US%22%3E%3CP%3ELooking%20forward%20to%20testing%20once%20the%20firmware%20has%20been%20updated%20to%20resolve%20this%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-333358%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-333358%22%20slang%3D%22en-US%22%3E%3CP%3EPlease%20provide%20more%20information%20about%2C%20how%20should%20AAD%20user%20(and%20needed%20licenses%2C%20Intune%3F%20etc.)%20for%20Android%20phone%20should%20be%20set-up%2C%20some%20best%20practice%20actions%2C%20intune%20compliance%20policies%2C%20shared%20meeting%20rooms%20(exchange%20resource%20room%20mailbox%20etc.)%20with%20shared%20Yealink%20phones%20are%20needed.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-331523%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-331523%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3EAware%20of%20that%20but%20encryption%20was%20not%20enabled%20in%20my%20tenant%20for%20MFA.%20The%20issue%20is%20easily%20reproducable%20and%20when%20MFA%20Auth%20Join%20was%20enabled%20enrollment%20wasn't%20possible%20due%20to%20the%20restrictions%20i%20already%20noted%20above.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-331345%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-331345%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20similar%20device%20Yealink%20T58A%20and%20it%20signs-in%20and%20kick%20out%20automatically%2C%20i%20see%20the%20sign-in%20has%20been%20successful%20when%20the%20Intune%20licenses%20are%20turned%20OFF%20for%20the%20account.%20I%20have%20already%20Opened%20a%20case%20MS%20and%20they%20suggested%20me%20to%20create%20an%20rule%20exception%2C%20which%20is%20not%20working%20apparently.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-331184%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-331184%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F8206%22%20target%3D%22_blank%22%3E%40shawn%20harry%3C%2FA%3E%20Hi%20Shawn%2C%20MFA%20can%20be%20enabled%20without%20requiring%20encryption.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-330791%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-330791%22%20slang%3D%22en-US%22%3E%3CP%3EMFA%20was%20enabled%20in%20AAD%20Admin%20Centre%20for%20device%20join%20in%20my%20tenant.%20MFA%20was%20required%20to%20login%20to%20the%20phone%20but%20this%20also%20prompted%20the%20handset%20to%20be%20encrypted%20which%20was%20only%20possible%20if%20a%20PSU%20was%20plugged%20into%20the%20handset%20according%20to%20the%20on%20screen%20warning%20which%20could%20not%20be%20bypassed.%20Disabling%20MFA%20resolved.%20I%20did%20this%20after%20disabling%20AFW%20and%20was%20then%20able%20to%20enroll%20the%20phone.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fshawnharry.co.uk%2F2019%2F01%2F07%2Fconfiguring-yealink-t58a-for-microsoft-teams%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fshawnharry.co.uk%2F2019%2F01%2F07%2Fconfiguring-yealink-t58a-for-microsoft-teams%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F71980i32A58B7A89039614%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22cvsfbdb.jpg%22%20title%3D%22cvsfbdb.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-536145%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-536145%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20a%20long%20struggle%20since%20this%20post%20i%20was%20unable%20to%20enroll%20the%20Yealink%20Device%20through%20Intune.%20Looks%20something%20might%20have%20changed%20at%20Microsoft%20Side%20on%20Intune.%20I%20was%20successfully%20able%20to%20enroll%20the%20Yealink%20T58A%20devices%20with%20Intune%20licenses%20today.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-545627%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-545627%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F38582%22%20target%3D%22_blank%22%3E%40Swaminathan%20Balakrishnan%3C%2FA%3E%26nbsp%3Bcan%20you%20tell%20us%20more%20about%20your%20settings%2C%20for%20Yealink%20T58A%20android%20phone%20and%20Teams%20connection%20with%20Intune.%20Do%20you%20use%20account%20from%20real%20person%20with%20license%2C%20or%20you%20have%20some%20seperate%20generice%20%2F%20service%20account%20with%20license%20etc%3F%20Did%20you%20do%20automatic%20deployment%20%2F%20enrollment%20to%20Intune%20or%20manual%2C%20etc%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-653182%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-653182%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20for%20us%20we%20did%20not%20have%20MFA%20enabled%20in%20AzureAD%2C%20but%20we%20do%20have%20conditional%20access%20setup%20with%20MFA%20to%20join%20devices%20to%20AzureAD%2C%20we%20are%20able%20to%20log%20into%20the%20device%20with%20a%20Team%20account%20(E3)%20but%20says%20the%20device%20is%20out%20of%20compliance%20so%20signs%20us%20out.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EEDIT%3A%20Resolved%20by%20completely%20enrolling%20it%20in%20Intune%20and%20complying%20with%20the%20policies%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-797355%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-797355%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20just%20upgraded%20our%20T58A%20and%20CP690%20phones%20to%20the%20Teams%20Edition%20and%20it%20has%20definitely%20been%20a%20bear%2C%20but%20we%20are%20getting%20closer...%26nbsp%3B%20We%20keep%20having%20an%20issue%20where%20we%20try%20logging%20in%20and%20it%20sits%20there%20at%26nbsp%3B%E2%80%9Cwe%20are%20signing%20you%20in%20please%20wait%E2%80%9D%20but%20never%20goes%20beyond%20that%20until%20we%20reboot%20the%20phone%20again.%26nbsp%3B%20At%20times%20we%20will%20also%20receive%20an%20error%20that%20the%20device%20is%20out%20of%20compliance%20where%20it%20will%20say%20%22Oops%20-%20You%20can't%20get%20to%20this%20yet.%22%26nbsp%3B%20We%20created%20a%20specific%20policy%20for%20Yealink%20in%20Intune%20and%20had%20to%20add%20the%20user%20to%20it%2C%20which%20isn't%20ideal%20because%20then%20we%20can't%20add%20them%20to%20any%20others%20(i.e.%20iOS%20or%20Android%20for%20mobile%20phones.)%26nbsp%3B%20The%20user%20has%20Office%20365%20E3%20with%20Enterprise%20Mobility%20%2B%20Security%20E3%20license.%26nbsp%3B%20My%20question%20is%3B%20do%20we%20know%20what%20specific%20Intune%20policies%20and%20Microsoft%20licenses%20are%20required%20for%20the%20user%20to%20successfully%20login%20to%20Teams%20on%20the%20phone%20once%20it%20is%20successfully%20upgraded%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-848810%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-848810%22%20slang%3D%22en-US%22%3E%3CP%3EWould%20like%20to%20follow%20this%20post.%20Waiting%20for%20the%20all%20clear%20on%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20are%20actively%20pursuing%20a%20fix%20from%20the%20firmware%20to%20handle%20this%20enrollment%20flow.%20Once%20the%20fix%20has%20been%20published%20to%20the%20Microsoft%20Device%20Management%20solution%20and%20devices%20have%20been%20updated%2C%20neither%20of%20these%20workarounds%20would%20be%20necessary%20regardless%20of%20whether%20the%20three%20factors%20above%20are%20all%20true.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-946915%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-946915%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F38582%22%20target%3D%22_blank%22%3E%40Swaminathan%20Balakrishnan%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20is%20there%20any%20update%20on%20this%3F%20We%20need%20to%20be%20able%20to%20sign%20into%20our%20Teams%20phones!%20As%20others%20have%20said%20above%20it%20just%20puts%20us%20in%20a%20loop%20and%20gets%20to%20a%20point%20where%20it%20says%20'this%20device%20cannot%20access%20resources%20yet'%20or%20something.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1068394%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1068394%22%20slang%3D%22en-US%22%3E%3CP%3EAgreed%20-%20would%20really%20like%20an%20update.%26nbsp%3B%20Is%20there%20a%20User%20Voice%20request%20for%20this%20that%20we%20can%20keep%20track%20of%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1109832%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1109832%22%20slang%3D%22en-US%22%3E%3CP%3EI%20would%20also%20need%20some%20clarification%20on%20this%20topic!%3C%2FP%3E%3CP%3EIts%20not%20only%20Yealink%20but%20also%20Polycom%20that%20has%20the%20exact%20same%20issue%20to%20log%20in%3CBR%20%2F%3Ewhen%20there%20is%20Intune%20present%20in%20the%20tenant.%3C%2FP%3E%3CP%3EThere%20must%20be%20a%20good%20manual%20how%20to%20deploy%20IP%20Phones%20when%20using%20Intune%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1352257%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1352257%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20we%20have%20enrolled%20a%20number%20of%20Yealink%20Teams%20devices%20into%20Intune%20I%20thought%20I%20would%20share%20my%20set%20up.%20We%20use%20Android%20Work%20Profiles%20extensively%20and%20are%20unwilling%20to%20turn%20off%20that%20functionality.%20But%20we've%20found%20a%20workable%20compromise%20that%20balances%20security%20and%20usability%20for%20us.%20Please%20note%20that%20we%20have%20AAD%20Premium%20P2%2C%20we%20use%20Conditional%20Access%20and%20we%20also%20require%20MFA%20for%20device%20joins%20within%20our%20AAD's%20settings.%20If%20you're%20using%20Conditional%20Access%2C%20make%20sure%20your%20policies%20are%20set%20up%20not%20to%20inadvertently%20prevent%20sign-in%20before%20Intune%20can%20start%20registration.%20An%20easy%20way%20to%20check%20for%20this%20is%20to%20test%20with%20%22What%20If%3F%22%20and%20also%20to%20look%20at%20the%20sign%20in%20logs%20for%20the%20users%20concerned%2C%20in%20AAD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnwards.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSTRONG%3EFirstly%3C%2FSTRONG%3E%2C%20ensure%20all%20firmware%20on%20the%20devices%20is%20up-to-date.%20%3CEM%3EIt%20was%20a%20bit%20of%20a%20PITA%20without%20Teams%20Admin%20Centre%20doing%20the%20work%20for%20us%2C%20but%20given%20the%20content%20of%20the%20original%20post%2C%20we%20decided%20it%20was%20prudent%20to%20%22start%20right.%22%3C%2FEM%3E%26nbsp%3B%3C%2FLI%3E%3CLI%3EWe%20registered%20the%20serial%20number%20of%20each%20device%20as%20a%20%3CSTRONG%3Ecorporate%20identifier%3C%2FSTRONG%3E%20within%20Intune.%20This%20was%20trivial%20to%20retrieve%20via%20the%20web%20interface%20of%20each%20device%2C%20or%20on%20the%20box.%20If%20you%20have%20a%20large%20fleet%20incoming%2C%20you%20should%20be%20able%20to%20get%20a%20.csv%20of%20SNs%20from%20your%20supplier.%3C%2FLI%3E%3CLI%3EWe%20enabled%20Android%20Device%20Administrator%20within%20Intune%20%3CEM%3E(Android%20Enrolment%20%26gt%3B%26nbsp%3BPersonal%20and%20corporate-owned%20devices%20with%20device%20administrator%20privileges%20%26gt%3B%20Ticked%20the%20checkbox)%3C%2FEM%3E%3C%2FLI%3E%3CLI%3EIn%20our%20Enrolment%20restrictions%2C%20we%20set%3A%20Android%20Device%20Administrator%3A%20minimum%20OS%20version%20to%207.0%26nbsp%3B%3CSTRONG%3Eand%20blocked%20personally-owned%3C%2FSTRONG%3E.%3CEM%3E%20(This%20way%2C%20we%20don't%20need%20to%20differentiate%20restrictions%20by%20user%20group%2C%20although%20your%20own%20ruleset%20should%20be%20set%20up%20to%20accommodate%20your%20organisation's%20policies.)%3C%2FEM%3E%3C%2FLI%3E%3CLI%3EAn%20Android%20Device%20Administrator%20Compliance%20Policy%20was%20set%20up.%20This%20requires%20%3CSTRONG%3Ejust%3C%2FSTRONG%3E%3A%3CUL%3E%3CLI%3Emin%20OS%20%3D%207.1%20%3CEM%3E(current%20version%20on%20Yealink%20is%207.1.2.%20We%20settled%20on%20'7.1'%20in%20our%20policy.)%3C%2FEM%3E%3C%2FLI%3E%3CLI%3ECompany%20Portal%20App%20Integrity%20%3D%20require%3C%2FLI%3E%3CLI%3Edevice%20is%20not%20rooted%20%3D%20require%3C%2FLI%3E%3CLI%3E%3CEM%3EThat's%20it.%20We%20couldn't%20get%20any%20further%20compliance%20restrictions%20to%20work%20-%20we%20got%20sign-in%20hangs%20otherwise.%3C%2FEM%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3EDevices%20were%20confirmed%20as%20logged%20out%20and%20then%20power-cycled.%3C%2FLI%3E%3CLI%3EDevices%20were%20logged%20into%20by%20Intune-%20and%20Teams-licensed%20users.%3C%2FLI%3E%3CLI%3EThe%20devices%20registered%20into%20Intune%20OK%20and%20were%20marked%20as%20compliant%20within%20a%20minute%20or%20two.%3C%2FLI%3E%3C%2FUL%3E%3CP%3EHope%20this%20helps%20someone!%20The%20way%20we've%20set%20this%20up%2C%20our%20end%20users%20don't%20notice%20any%20difference%20-%20they%20are%20pointed%20to%20Android%20Enterprise%20on%20their%20own%20phones%20as%20usual.And%20no-one%20can%20add%20an%20Android%20device%20with%20its%20super-relaxed%20compliance%20policy%20unless%20it's%20prepped%20as%20a%20'corporate'%20device%20in%20Intune.%20If%20you're%20using%20corporate%20Android%20smartphones%20in%20your%20fleet%2C%20you%20may%20have%20to%20tweak%20your%20restrictions%20ruleset%20to%20accommodate%20-%20YMMV.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1433313%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1433313%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F153423%22%20target%3D%22_blank%22%3E%40Rob%20Hardman%3C%2FA%3E%26nbsp%3BThank%20you%20so%20much%20for%20posting%20the%20steps%20you%20took%20in%20your%20environment.%20This%20was%20very%20helpful%20in%20configuring%20in%20our%20own.%20Even%20with%20the%20new%20configurations%20in%20place%2C%20we%20were%20still%20unsuccessful%20in%20registering%20a%20device%20with%20Intune.%20After%20signing%20into%20Teams%2C%20we%20were%20being%20prompted%20to%20enroll%20with%20Intune%20and%20install%20Company%20Portal%20-%20this%20is%20where%20it%20failed%2C%20and%20we'd%20have%20to%20reboot%20the%20device.%20Yesterday%2C%20we%20upgraded%20two%20CCX600%20devices%20to%20the%20latest%20firmware%20(5.9.13.0306%2C%20released%205%2F20%2F2020)%2C%20and%20we%20were%20able%20to%20sign%20in%20and%20register%20the%20devices%20with%20Intune%20via%20Device%20Adminstrator.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1451378%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1451378%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20the%20detailed%20setup%20guide%20Rob%2C%20we%20have%20a%20similar%20configuration%20and%20your%20guide%20was%20helpful%20to%20read%20through.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20recently%20published%20their%20%3CSPAN%3EInTune%20plan%20for%20change%3A%20Decreasing%20support%20for%20Android%20device%20administrator.%3C%2FSPAN%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Ffundamentals%2Fwhats-new%23decreasing-support-for-android-device-administrator%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Ffundamentals%2Fwhats-new%23decreasing-support-for-android-device-administrator%3C%2FA%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3EHas%20anyone%20been%20able%20to%20confirm%20if%20Android%20Device%20Administrator%20enrollment%20will%20continue%20to%20be%20supported%20for%20Teams%20Telephony%20devices%3F%26nbsp%3B%20Our%20Teams%20Telephony%20devices%20are%20running%20Android%20version%209%20so%20it%20feels%20like%20impending%20doom%20for%20our%20setup.%26nbsp%3B%20I%20couldn't%20get%20Android%20Enterprise%20enrollment%20to%20work%20for%20these%20devices%20as%20they%20don't%20appear%20to%20support%20any%20of%20the%20enrollment%20options.%26nbsp%3B%20From%20the%20list%20of%20impacted%20services%2C%20if%2Fwhen%20the%20devices%20upgrade%20to%20v10%2C%20only%20the%20corporate%20identifier%20feature%20would%20be%20a%20problem%20for%20us.%3CBR%20%2F%3E%3CBR%20%2F%3EAnyone%20else%20have%20the%20same%20concerns%20or%20perhaps%20aware%20of%20the%20road%20map%20for%20Teams%20Telephony%20devices%20and%20Android%20Device%20Administrator%20enrollment%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1540047%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1540047%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F536946%22%20target%3D%22_blank%22%3E%40raymondlyle%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20been%20able%20to%20enroll%20their%20Teams%20Telephony%20devices%20using%20Android%20Enterprise%3F%20%26nbsp%3BWe%20are%20using%20Poly%20CCX%20500%E2%80%99s%20and%20the%20enrollment%20does%20not%20work%20with%20Android%20Enterprise%2F%20Work%20profile%20either.%20%26nbsp%3BAny%20info%20will%20be%20greatly%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1554304%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1554304%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3B%20%26nbsp%3Bis%20there%20any%20progress%20on%20Android%20Enterprise%20support%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1554309%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1554309%22%20slang%3D%22en-US%22%3E%3CP%3ETeams%20Android%20devices%20will%20require%20Device%20Administrator.%20Android%20Enterprise%20is%20currently%20not%20in%20scope%20for%20support.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1554314%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1554314%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3B%20%26nbsp%3Bok%20so%20is%20the%20official%20message%20that%20as%20Device%20Administrator%20is%20removed%20from%20support%20from%20Intune%2C%20and%20Android%2C%20the%20phones%20will%20eventually%20become%20unmanaged%20as%20updates%20flow%20through%3F%26nbsp%3B%20Or%20is%20there%20no%20plan%20to%20ever%20update%20the%20version%20of%20android%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1563207%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1563207%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F28313%22%20target%3D%22_blank%22%3E%40Dustin%20Halvorson%3C%2FA%3E%26nbsp%3BTeams%20phones%20will%20continue%20to%20be%20supported%20on%20Intune%20via%20DA.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1756058%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1756058%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20recently%20upgraded%20a%20few%20test%20Poly%20CCX%20600%20to%20firmware%20version%206.2.21.1198.%20After%20unenrolling%20them%20and%20trying%20to%20enroll%20again%20thru%20the%20company%20portal%20on%20the%20phone%20it%20spins%20and%20then%20times%20out%20saying%20to%20try%20again%20later.%26nbsp%3B%20The%20older%20versions%20have%20no%20issues.%26nbsp%3B%20Do%20I%20need%20to%20now%20setup%20a%20managed%20Google%20Play%20account%20with%20Intune%20to%20use%20Android%20Enterprise%20instead%20of%20Device%20Administrator%3F%20They%20are%20working%20fine%20on%20firmware%20version%205.9.12.1122.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1761733%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1761733%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20not%20even%20sure%20we%20need%20to%20or%20should%20enroll%20these%20device%20in%20Intune%20anymore.%26nbsp%3B%20I%20also%20recently%20updated%20a%20CCX%20500%20to%206.2%20and%20when%20I%20sign%20into%20the%20device%2C%20it%20never%20gets%20enrolled%20into%20Intune%20probably%20because%20of%20my%20enrollment%20restrictions.%20However%2C%20it%20seems%20to%20go%20past%20the%20company%20portal%20screen%20and%20signs%20me%20in%20anyway.%26nbsp%3B%20The%20device%20does%20show%20up%20in%20Teams%20but%20not%20in%20Intune.%26nbsp%3B%20Is%20this%20the%20best%20way%20to%20manage%20theses%20device%20now%20or%20should%20we%20try%20to%20enroll%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1762897%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1762897%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41258%22%20target%3D%22_blank%22%3E%40Kurt%20DeLanoy%3C%2FA%3E%26nbsp%3B-%20this%20is%20an%20excellent%20question%2C%20and%20one%20which%20I%20feel%20MS%20need%20to%20provide%20%3CSTRONG%3Emuch%20more%20clarity%20and%20guidance%20on%3C%2FSTRONG%3E.%20My%20initial%20view%20was%20not%20to%20Intune%20enrol%20Teams%20IP%20Telephony%20devices.%20But%20we%20have%20changed%20direction%20and%20we%20will%20Intune%20enrol%20these%20devices.%20Why%3F%20Because%20we%20have%20a%20number%20of%20Conditional%20Access%20policies%20that%20apply%20to%20%22untrusted%22%20endpoints%20can%20adversely%20affect%20the%20user%20experience%20for%20accounts%20signed%20into%20a%20Teams%20IP%20phone.%20But%20by%20having%20these%20devices%20in%20Intune%20and%20marked%20as%20compliant%2C%20they%20are%20considered%20%22trusted%22%20so%20the%20conditional%20access%20policies%20don't%20apply.%20Word%20of%20warning%2C%20getting%20this%20working%20correctly%20is%20not%20easy%20and%20has%20required%20a%20lot%20of%20trial%20and%20error%2C%20and%20various%20issues%20along%20the%20way.%20We've%20already%20logged%202%20PS%20tickets%20to%20try%20and%20get%20this%20working%2C%20and%20are%20currently%20on%20the%20third%20PS%20ticket.%20I%20think%20we%20are%20quite%20close%20to%20a%20working%20solution.%20Word%20of%20warning%3A%20Meeting%20Room%20SKU%20includes%20Intune%20licence%2C%20but%20Common%20area%20SKU%20does%20not%2C%20which%20is%20an%20additional%20frustration.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1785298%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1785298%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20our%20CCX%20phones%20updated%20to%206.2%20they%20get%20stuck%20in%20the%20Verifying%20a%20few%20things...%20loop%20and%20never%20sign%20in.%20Very%20frustrating%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20much%20as%20MSFT%20is%20pushing%20teams%20you%20would%20think%20they%20would%20put%20resources%20into%20making%20it%20work%20for%20basic%20functions.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1787080%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1787080%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Keith%20-%20this%20is%20what%20I%20am%20seeing%20too%3A%20Device%20enrols%20into%20Intune%2C%20is%20marked%20as%20compliant%2C%20but%20the%20sign-in%20to%20Teams%20gets%20stuck%20for%205%20mins%20at%20%22verifying%20a%20few%20things...%22%20and%20eventually%20says%20%22The%20system%20timed%20out.%20Wait%20a%20moment%20then%20try%20again%22.%20The%20sign%20in%20was%20working%20fine%20prior%20to%20allowing%20Intune%20to%20enrol%20these%20devices.%20Even%20more%20strangely%2C%20out%20of%205%20attempts%2C%20it%20will%20fail%20like%20this%20on%20approx%204%20attempts%2C%20but%20every%20now%20and%20then%20it%20will%20actually%20sign%20into%20Teams%20successfully.%26nbsp%3BWe%20have%20a%20PS%20ticket%20open%20for%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1803302%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1803302%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20thinking%20that%20there%20is%20a%20lot%20more%20upside%20to%20NOT%20enrolling%20teams%20phones%20into%20Intune.%26nbsp%3B%20I%20realize%20that%20some%20could%20use%20conditional%20access%20policies%20that%20reference%20the%20endpoint%20and%20it's%20compliance%20but%20there%20are%20other%20ways%20to%20secure%20the%20login.%26nbsp%3B%20For%20example%2C%20I%20only%20want%20to%20allow%20phones%20to%20be%20used%20on%20my%20corporate%20network.%26nbsp%3B%20I%20can%20use%20the%20Teams%20Admin%20center%20to%20monitor%20%26amp%3B%20upgrade%20their%20firmware%20version.%26nbsp%3B%20Neither%20one%20of%20these%20things%20require%20Intune.%26nbsp%3B%20I%20have%20had%20so%20many%20issues%20with%20Teams%20phones%2C%20I%20am%20starting%20to%20think%20that%20Intune%20could%20be%20a%20contributing%20factor%20to%20issues%20we%20have%20with%20phones%20(phone%20never%20work%2C%20always%20have%20to%20reboot%20and%20reset%20to%20get%20them%20to%20work).%26nbsp%3B%20Eliminating%20Intune%20from%20the%20equation%20is%20probably%20going%20to%20be%20my%20next%20step%20to%20see%20if%20phone%20use%20becomes%20more%20reliable%20in%20our%20environment.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1803321%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1803321%22%20slang%3D%22en-US%22%3E%3CP%3EI%20agree.%20I%20think%2099%25%20of%20the%20issues%20I%20am%20having%20with%20the%20native%20phones%20are%20intune%20related.%20I%20can't%20figure%20out%20how%20to%20excluded%20them%20if%20the%20user%20signing%20into%20the%20device%20has%20an%20active%20intune%20license.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20conditional%20policies%20setup%20but%20they%20only%20work%20half%20the%20time.%20If%20they%20do%20work%20it%20takes%2010%20minutes%20to%20sign%20into%20the%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20provide%20a%20link%20to%20instructions.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1803581%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1803581%22%20slang%3D%22en-US%22%3E%3CP%3ECurrently%20I%20have%20my%20Conditional%20Access%20policies%20assigned%20to%20users%20(via%20group%20membership).%26nbsp%3B%20I%20think%20I%20need%20to%20create%20a%20dynamic%20device%20membership%20group%20that%20captures%20the%20teams%20phones.%26nbsp%3B%20Then%2C%20change%20the%20conditional%20access%20policy%20that%20makes%20them%20enroll%20in%20Intune%20to%20apply%20to%20all%20Android%20devices%20except%20the%20Teams%20Phone%20group.%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20is%20because%20the%20Conditional%20Access%20setup%20says%20that%20when%20you%20are%20assigning%20and%20excluding%20groups%2C%20you%20cannot%20mix%20user%20groups%20and%20device%20groups.%26nbsp%3B%20So%20if%20it%20is%20assigned%20to%20all%20android%20devices%20except%20for%20Teams%20Phone%2C%20I%20think%20that%20will%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMan%20do%20I%20wish%20everyone%20would%20just%20use%20a%20headset.%26nbsp%3B%20There%20is%20no%20setup%20and%20things%20just%20work.%26nbsp%3B%20Unfortunately%20we%20have%20users%20that%20insist%20on%26nbsp%3B%20using%20a%20phone%20for%20one%20reason%20or%20another%20and%20they%20are%20literally%20nothing%20but%20a%20headache.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1817964%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1817964%22%20slang%3D%22en-US%22%3E%3CP%3EYealink%20have%20just%20released%20new%20firmware%20which%20resolves%20the%20issue%20where%20the%20phone%20gets%20stuck%20%22verifying%20a%20few%20things%22%20after%20Intune%20enrolment%2C%20but%20before%20Teams%20sign%20in.%20Its%20now%20working%20for%20me%20with%20the%20new%20firmware%20across%20T56A%2C%20MP56%2C%20VP59%20and%20CP960.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1818884%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1818884%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F50620%22%20target%3D%22_blank%22%3E%40Mark%20Licinio%3C%2FA%3E%26nbsp%3B%2C%20what%20version%20are%20you%20using%20now%20and%20for%20which%20devices%20(brand%20%2F%20model)%20to%20make%20this%20work%3F%26nbsp%3B%20I'm%20still%20stuck%20at%20the%26nbsp%3B%3CSPAN%3E%22verifying%20a%20few%20things%22%20message%20on%20the%20Yealink%20T58a%20where%20it%20all%20works%20fine%20for%20the%20T55a.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1818909%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1818909%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20using%20the%20most%20recent%20firmware%20published%20by%20Yealink.%20I%20haven't%20tested%20the%20T58A%2C%20but%20the%20ROM%20to%20try%20is%26nbsp%3B%3CA%20href%3D%22http%3A%2F%2Fsupport.yealink.com%2Fforward2download%3Fpath%3DZIjHOJbWuW%2FDFrGTLnGyppagPXFxrNqa1aKwMYHyxI49Kso4SuvlON2Q9VkoSNKpeQgX8jOVeGQN6xAGY0OJCailhcHo2ub8tgfplusSymbolOHVKQjKb3AoP1gAbDAKlbYorMKO3YsOoMSTifCA%3D%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ET55(T58V%2CT56A)-58.15.0.116.rom%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bpublished%20on%2014%20October.%20The%20release%20notes%20say%3A%20%22Fixed%20an%20issue%20that%20the%20device%20is%20stuck%20in%20%22Verifying%20a%20few%20things%22%20page%20while%20signing%20in.%22%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1819482%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1819482%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20on%20the%20Lenovo%20ThinkSmart%20View.%20I%20may%20have%20just%20figured%20out%20a%20possible%20workaround%20for%20conditional%20access%20causing%20sign%20in%20to%20fail%20(%3CSPAN%3EVerifying%20a%20few%20things)%26nbsp%3B%3C%2FSPAN%3Ewhen%20MFA%20is%20enabled%20on%20the%20CA%20rule.%20It%20%22might%22%20work%20for%20other%20platforms.%20I%20have%20a%20rule%20setup%20as%20follows%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3ECloud%20apps%3A%20All%3C%2FP%3E%3CP%3EConditions%3A%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EPlatform%3A%20Android%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EClient%20Apps%3A%20Mobile%20apps%20and%20desktop%20clients%3C%2FP%3E%3CP%3EGrant%3A%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3ERequire%20MFA%3C%2FP%3E%3CP%3ESession%3A%20Persistent%20browser%20session%20-%20Never%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3BThat%20last%20session%20control%20seems%20to%20have%20fixed%20it%20for%20me%2C%20but%20I'm%20still%20testing.%20I%20guess%20it%20was%20basically%20not%20liking%20cached%20mfa%20authorizations.%20Could%20someone%20try%20verifying%20if%20that%20setting%20works%2C%20or%20if%20I'm%20just%20seeing%20a%20cached%20result%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUpdate%202020-10-27%3A%20it's%20still%20working%20consistently.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1846483%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1846483%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3BAny%20information%20on%20a%20firmware%20update%20for%20poly%20ccx%20phones%20to%20get%20them%20out%20of%20the%20%22verifying%20a%20few%20things...%22%20loop%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1846877%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1846877%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F96287%22%20target%3D%22_blank%22%3E%40Keith%20Laudenberger%3C%2FA%3E%26nbsp%3BThe%20latest%20update%20has%20a%20fix%20for%20this%20issue.%20The%20update%20should%20be%20available%20in%20Teams%20Admin%20Center.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-gb%2Foffice%2Fwhat-s-new-in-microsoft-teams-d7092a6d-c896-424c-b362-a472d5f105de%23PickTab%3DDesk_phones%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-gb%2Foffice%2Fwhat-s-new-in-microsoft-teams-d7092a6d-c896-424c-b362-a472d5f105de%23PickTab%3DDesk_phones%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1849026%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1849026%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3B%3CSTRIKE%3EThat%20is%20the%20version%20on%20our%20devices%20but%20it%20still%20will%20not%20work.%20I%20have%20tried%20multiple%20settings%20with%20intune%20based%20on%20articles%20I%20have%20seen%20but%20the%20phones%20no%20longer%20sign%20into%20teams%20.%3C%2FSTRIKE%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRIKE%3E%3CA%20href%3D%22http%3A%2F%2Fimaucblog.com%2Farchive%2F2019%2F11%2F21%2Fmdm-compliance-policy-exclusion-for-teams-android-devices%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttp%3A%2F%2Fimaucblog.com%2Farchive%2F2019%2F11%2F21%2Fmdm-compliance-policy-exclusion-for-teams-android-devices%2F%3C%2FA%3E%3C%2FSTRIKE%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFinally%20got%20it%20to%20work%2C%20for%20some%20reason%20the%20compliance%20policy%20was%20not%20applying%20until%20adding%20the%20device%20serial%20number%20as%20a%20cooperate%20device.%20Scope%20tags%20were%20not%20enough%20to%20get%20the%20correct%20compliance%20policy%20to%20apply%20to%26nbsp%3B%20the%20device.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2031496%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2031496%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3BSince%20today%20I%20am%20unable%20to%20enroll%20the%20Yealink%20T55A%20and%20Polycom%20Trio%20C60%20after%20removing%20them%20from%20our%20tenant.%20No%20configuration%20change%20on%20our%20end.%20Is%20there%20any%20recent%20change%20in%20Intune%20that%20prevents%20us%20to%20reenroll%20the%20devices%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2080661%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2080661%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20Teams%20poly%20phones%20compatible%20with%20Android%20Work%20Profile%20yet%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2102644%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2102644%22%20slang%3D%22en-US%22%3E%3CP%3EAndroid%20work%20profile%20is%20applicable%20for%20devices%20that%20contain%20personal%20and%20enterprise%20data.%20Teams%20android%20devices%20today%20contain%20only%20enterprise%20data.%20Android%20work%20profile%20is%20not%20applicable%20for%20our%20devices.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2191286%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2191286%22%20slang%3D%22en-US%22%3E%3CP%3EFrom%20my%20understanding%2C%20Teams%20IP%20phones%20with%20have%20a%20custom%20Android%20firmware%20that%20is%20not%20manageable%20from%20Intune.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThey%20will%20enroll%20to%20Intune%20when%20you%20sign-inand%20you%20can%20manage%20them%20from%20the%20the%20Teams%20Admin%20Center%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EActions%20like%20uploading%20a%20custom%20CA%20are%20not%20supported.%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F330%22%20target%3D%22_blank%22%3E%40Hrvoje%20Kusulja%3C%2FA%3E%20Is%20this%20correct%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2193608%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2193608%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F40331%22%20target%3D%22_blank%22%3E%40Luis%20Ramos%3C%2FA%3E%26nbsp%3BYes%2C%20we%20have%20custom%20Android%20hardware%20but%20I%20do%20not%20understand%20what%20you%20mean%20by%20%22not%20manageable%20from%20Intune%22.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2193961%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2193961%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3Blike%20adding%20my%20companies%20CA%20to%20the%20trusted%20root%20CA%20of%20the%20Android%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fcertificates-trusted-root%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fcertificates-trusted-root%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-523249%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-523249%22%20slang%3D%22en-US%22%3E%3CP%3EHallo%20%2C%3C%2FP%3E%3CP%3EI%20am%20only%20a%20Full%20Feature%20guy%20with%20M365%20E5%20and%20Direct%20Routing%20and%20very%20Limited%20Time%20on%20the%20day%20where%20I%20can%20spend%20for%20testing%20implementation%20of%20my%20teams%20devices%20I%20try%20to%20find%20for%20my%20adoptions.%20In%20this%20story%20I%20also%20find%20every%20Bug%20ever%20I%20believe%20existing%20in%20Teams%20Phone%20because%20we%20have%20to%20switch%20all%20%26nbsp%3Busers%20in%20once%20to%20Teams%20Direct%20routing%20without%20having%20the%20right%20devices%20(%20my%20users%20love%20Hardware).%20Now%20a%20Bird%20from%20Microsoft%20is%20spelling%20me%20that%20we%20have%20to%20switch%20soon%20to%20the%20right%20mode%20and%20the%20right%20hardware!%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20my%20tests%20I%20always%20seen%20that%20devices%20are%20not%20registered%20in%20the%20Teams%20Admin%20Portal%20and%20also%20I%20test%20the%20intune%20Integration%20but%20I%20don%E2%80%98t%20find%20that%20it%20better%20run.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20is%20it%20possible%20to%20give%20a%20recommendation%20deployment%20plan%20to%20me%20so%20I%20know%20how%20to%20deploy%20all%20in%20the%20right%20and%20best%20way%20for%20my%20E5%2C%20Dial%20Only%20Conference%20Rooms%2C%20Desktop%20Apps%20%2C%20Phone%20Apps%20(IOS).%20And%20as%20you%20know%20the%20UI%20Feature%20set%20of%20Teams%20Phone%20is%20currently%20not%20fit%20for%20production%20and%20it%20would%20be%20nice%20to%20have%20a%20deployment%20plan%20when%20it%20will%20become%20interested%20to%20roll%20out.%20%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20which%20Guy%20in%20Germany%20can%20help%20me%20%3F%20But%20not%20for%20selling%20me%20hours%20of%20service%20but%20to%20share%20experience%20and%20solution%20in%20any%20kind.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2273431%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2273431%22%20slang%3D%22en-US%22%3E%3CP%3ESeems%20this%20still%20in%20flux%202%20years%20later%3F%20What%20is%20the%20point%20in%20having%20Teams%20approved%20devices%20if%20they%20are%20not%20compatible%20with%20the%20recommended%20M365%20security%20best%20practices.%20Let%20me%20know%20if%20I%20am%20missing%20something.%20The%20conditional%20access%20logs%20are%20nebulous%20at%20best%20and%20would%20really%20appreciate%20if%20the%20integration%20between%20endpoint%20and%20azure%20ad%20were%20more%20clear.%20Intune%20should%20be%20the%20only%20thing%20that%20manages%20the%20registration%20and%20enrollment%20process%20in%20my%20opinion%2C%20so%20that%20Conditional%20access%20rules%20can%20be%20designed%20with%20information%20security%20in%20mind.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20recreate%20issue%20with%20enrollment%20on%20Yealink%2056A%2C%2058A%20and%20Poly%20CCX%20400.%20Implementation%20guide%20and%20advice%20is%20very%20welcome.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-330432%22%20slang%3D%22en-US%22%3EMicrosoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-330432%22%20slang%3D%22en-US%22%3E%3CP%3E%3CEM%3ENote%3A%20The%20firmware%20fix%20needed%20to%20handle%20the%20enrollment%20flow%20described%20below%20has%20been%20deployed%20and%20the%20workarounds%20are%20no%20longer%20needed%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EFor%20customers%20who%20require%20desk%20phones%20and%20conference%20room%20phones%20to%20make%20and%20receive%20audio%20calls%20or%20join%20meetings%2C%20Microsoft%20Teams%20provides%20a%20growing%20portfolio%20of%20devices%20that%20can%20be%20purchased%20from%20our%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fproducts.office.com%2Fen-us%2Fmicrosoft-teams%2Facross-devices%2Fdevices%2Fcategory%3Fdevicetype%3D34%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3ETeams%20Marketplace%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E.%20For%20Teams%20phones%20including%20the%20Yealink%20T56A%2FT58A%2FCP960%20and%20the%20Crestron%20Flex%20series%20IP%20phones%20that%20run%20on%20Android%205.x%20or%20later%2C%20there%20may%20be%20specific%20configurations%20that%20need%20to%20be%20enabled%20in%20the%20customer's%20tenant%20for%20the%20phones%20to%20successfully%20enroll%20into%20Intune.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A540%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%3EAllowing%20successful%20Intune%20enrollment%20for%20Android%20versions%205.x%20and%20up%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%3E%E2%80%AF%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A540%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EIf%20%3C%2FSPAN%3E%3CSPAN%3Eall%3C%2FSPAN%3E%3CSPAN%3E%20the%20following%20conditions%20below%20are%20true%3C%2FSPAN%3E%3CSPAN%3E%2C%20you%20will%20need%20to%20enable%20a%20specific%20configuration%20setting%20%3C%2FSPAN%3E%3CSPAN%3Ein%20the%3C%2FSPAN%3E%3CSPAN%3E%20Intune%20%3C%2FSPAN%3E%3CSPAN%3Eadmin%20console%20%3C%2FSPAN%3E%3CSPAN%3Eto%20allow%20for%20a%20successful%20enrollment%3A%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A540%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%20style%3D%22list-style-position%3A%20inside%3B%22%3E%0A%3CLI%3E%3CSPAN%3EYou%20are%20deploying%20a%20Teams%20IP%20phone%20with%20Android%20OS%20version%205.x%20or%20later.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3EYou%20have%20connected%20your%20Intune%20tenant%20with%20managed%20Google%20Play%20in%20order%20to%20manage%20Android%20Enterprise%20devices.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3EYou%20have%20configured%20your%20enrollment%20restrictions%20such%20that%20Android%20work%20profile%20enrollment%20restrictions%20are%20applied%20to%20the%20end%20user%20account%20that%20you%20are%20using%20to%20enroll.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%3EThe%20recommended%20deployment%20configuration%20is%3C%2FSPAN%3E%3CSPAN%3E%20(only%20one%20of%20these%20two%20are%20necessary)%3C%2FSPAN%3E%3CSPAN%3E%3A%3C%2FSPAN%3E%E2%80%AF%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A540%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%20style%3D%22list-style-position%3A%20inside%3B%22%3E%0A%3CLI%3E%3CSPAN%3EAdjust%20your%20enrollment%20restrictions%20settings%20in%20Intune%20so%20that%20the%20user%20you%20are%20enrolling%20the%20IP%20phone%20is%20not%20targeted%20with%20Android%20work%20profile.%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%20This%20approach%20is%20recommended%20if%20you%20are%20managing%20Android%20Enterprise%20work%20profile%20devices%20in%20the%20same%20Intune%20tenant%20as%20your%20Teams%20device.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3EIf%20you%20are%20not%20actively%20using%20Android%20Enterprise%20in%20your%20Intune%20tenant%2C%20you%20can%20remove%20the%20connection%20to%20managed%20Google%20Play%20following%20the%20directions%20here%20under%20%22%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fconnect-intune-android-enterprise%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDisconnect%20your%20Android%20enterprise%20administrative%20account%3C%2FA%3E%22%3C%2FSPAN%3E%3CSPAN%3E.%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%20%3C%2FSPAN%3E%3CSPAN%3EDisconnecting%20your%20Intune%20tenant%20from%20managed%20Google%20Play%20will%20disable%20Android%20Enterprise%20enrollment%20entirely%20for%20your%20tenant.%3C%2FSPAN%3E%26nbsp%3B%20%3CSPAN%3ETh%3C%2FSPAN%3E%3CSPAN%3Eerefore%2C%20t%3C%2FSPAN%3E%3CSPAN%3Ehis%20option%20is%20only%20recommended%20if%20you%20are%20not%20managing%20any%20Android%20Enterprise%20devices%20in%20your%20Intune%20tenant.%26nbsp%3B%20%3C%2FSPAN%3E%3CSPAN%3E%E2%80%AF%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%3E%E2%80%AF%3C%2FSPAN%3E%3CSPAN%3EWe%20are%20actively%20pursuing%20a%20fix%20from%20the%20firmware%20to%20handle%20this%20enrollment%20flow.%20Once%20the%20fix%20has%20been%20published%20to%20the%20Microsoft%20Device%20Management%20solution%20and%20devices%20have%20been%20updated%2C%20neither%20of%20these%20workarounds%20would%20be%20necessary%20regardless%20of%20whether%20the%20three%20factors%20above%20are%20all%20true.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A540%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%3CSPAN%20class%3D%22TextRun%20SCXW257728783%22%20style%3D%22margin%3A%200px%3B%20padding%3A%200px%3B%20line-height%3A%2018px%3B%20font-family%3A%20Calibri%2CCalibri_MSFontService%2CSans-Serif%3B%20font-size%3A%2011pt%3B%20-ms-user-select%3A%20text%3B%20-ms-touch-select%3A%20none%3B%20-webkit-tap-highlight-color%3A%20transparent%3B%22%3E%3CSPAN%20class%3D%22NormalTextRun%20CommentStart%20SCXW257728783%22%20style%3D%22background-color%3A%20inherit%3B%20-ms-touch-select%3A%20none%3B%20-ms-user-select%3A%20text%3B%20-webkit-tap-highlight-color%3A%20transparent%3B%20padding%3A%200px%3B%20margin%3A%200px%3B%22%3E%3CSTRONG%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20bold%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-family%3A%20%26amp%3Bquot%3B%22%3EDevice-based%20Exception%20via%20Intune%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EIntune%20allows%20creating%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fcompliance-policy-create-android%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3Edevice%20compliance%20policies%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%20in%20the%20tenant%20for%20the%20Android-based%20devices%20accessing%20organizational%20data.%20These%20policies%20are%20applied%20to%20user%20accounts%20and%20currently%20do%20not%20provide%20the%20ability%20to%20distinguish%20device%20types%20on%20the%20same%20operating%20system%20(eg%3A%20Desk%20phones%20vs%20%3C%2FSPAN%3E%3CSPAN%3Econventional%20mobile%20devices%3C%2FSPAN%3E%3CSPAN%3E%20phones).%20%3C%2FSPAN%3E%3CSPAN%3ET%3C%2FSPAN%3E%3CSPAN%3Eenant%20administrators%20might%20need%20to%20provide%20exceptions%20to%20user%20accounts%20for%20Teams%20IP%20phones%20to%20complete%20sign%20in.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A540%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-330432%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoeui%26amp%3Bquot%3B%2C%26amp%3Bquot%3Blato%26amp%3Bquot%3B%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Carial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EFor%20customers%20who%20require%20desk%20phones%20and%20conference%20room%20phones%20to%20make%20and%20receive%20audio%20calls%20or%20join%20meetings%2C%20Microsoft%20Teams%20provides%20a%20growing%20portfolio%20of%20devices.%20%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-330432%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECalling%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeployment%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2521517%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2521517%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20experiencing%20the%20same%20problem.%202%20phones%20so%20far%20have%20worked%20OK%20with%20updating%20the%20firmware%20first.%20But%20then%20the%20next%20three%20are%20either%20stuck%20on%20the%20company%20portal%20connecting%20screen%20or%20stuck%20in%20a%20login%20loop.%3C%2FP%3E%3CP%3EWe%20are%20using%20Yealink%20MP56.%20We%20have%20intune%20enabled.%20But%20not%20even%20sure%20where%20to%20start%20in%20intune%2Fmicrosoft%20endpoint%20manager.%20I%20can%20see%20the%20devices%20in%20there%2C%20and%20they%20report%20they%20are%20compliant.%20Does%20anyone%20know%20what%20else%20I%20can%20check%20in%20intune%3F%20or%20how%20to%20turn%20it%20off%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Company%20portal%20connecting%20error.jpg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F293878iFE306178D987944B%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Company%20portal%20connecting%20error.jpg%22%20alt%3D%22Company%20portal%20-%20connecting.%20error%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ECompany%20portal%20-%20connecting.%20error%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2612503%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2612503%22%20slang%3D%22en-US%22%3E%3CP%3EHello.%3C%2FP%3E%3CP%3EWe%20are%20trying%20to%20find%20a%20way%20to%20get%20Teams%20IP%20Phone%20working%20without%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20having%20them%20enrolled%20in%20Microsoft%20Intune%20(to%20bypass%20the%20quagmire%20of%20non%20Teams%20IP%20Phone%20is%20certified%20for%20android%20enterprise%20and%20Microsoft%2FGoogle's%20deprecation%20of%20Android%20Device%20Admin%20features%20and%20support)%3C%2FP%3E%3CP%3E-%20exclude%20them%20from%20the%20application%20of%20Conditional%20Access%20Policies%20that%20are%20applied%20to%20the%20Android%20Platform%20(our%20plan%20is%20to%20use%20Conditional%20Policy)%20device%20filters%20currently%20in%20public%20preview%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20goal%20is%20to%20have%20these%20IP%20phones%20purely%20managed%20and%20administered%20from%20the%20MS%20Teams%20Admin%20Console.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20far%2C%20we%20only%20were%20able%20to%20get%20the%20AudioCodes%20Teams%20IP%20phone%20working%20if%20they%20are%20enrolled%20in%20Intune%20(as%20we%20have%20to%20temporarily%20exclude%20the%20user%20from%20Conditional%20Access%20policies%20applied%20to%20Android%20devices).%20However%2C%20if%20we%20don't%20allow%20them%20to%20be%20enrolled%20In%20Intune%2C%20they%20don't%20seem%20to%20be%20able%20to%20simply%20register%20in%20Azure%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20been%20successfull%20in%20getting%20Audio%20Codes%20Teams%20IP%20phone%20working%20without%20enrolling%20them%20in%20Intune%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20advise.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERon%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2623915%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2623915%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1097229%22%20target%3D%22_blank%22%3E%40Keliath%3C%2FA%3E%26nbsp%3BWe%20are%20also%20the%20same%20issue%20this%20past%20week%20with%20a%20private%20technician%20onsite%20%2C%20We%20are%20currently%20in%20the%20process%20to%20resolving%20our%20Telkom%20provider%20will%20be%20bringing%20in%20a%20network%20cisco%20switch%20specialist%20we%20suspect%20that%20the%20issue%20might%20the%20the%20VLAN%20configuration%20not%20allow%20the%20Android%20based%20Yealink%20VP59%20IP%20phone%20to%20get%20an%20IP%20address.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EPersonally%20i%20think%20it%20just%20be%20a%20firmware%20update%20or%20Endpoint%20intune%20security%20policy%20configuration%20but%20we%20will%20be%20trouble%20shooting%20on%20Wednesday%20next%20week.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHopefully%20will%20get%20a%20solution%20by%20then.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eregards%26nbsp%3B%3C%2FP%3E%3CP%3EAM%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2625785%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2625785%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F396014%22%20target%3D%22_blank%22%3E%40Ayandam%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20raised%20the%20issue%20with%20our%20Firewall%20provider%20and%20they%20enabled%20all%20the%20Teams%20ports%20and%20that%20resolved%20the%20issue.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2630051%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2630051%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F396014%22%20target%3D%22_blank%22%3E%40Ayandam%3C%2FA%3E%26nbsp%3BWe%20also%20disabled%20CDP%20and%20updated%20the%20date%20and%20time%20primary%20server%20and%20secondary%20server.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2639273%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2639273%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1097229%22%20target%3D%22_blank%22%3E%40Keliath%3C%2FA%3E%26nbsp%3Bgood%20news%20our%20switches%20were%20re-configured%20yesterday%20with%20new%20VLANS%20configurations%20%2C%20our%20firewall%20provider%20also%20assisted%20our%20Teams%20IP%20phone%20are%20now%20working.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethey%20are%20also%20appearing%20on%20the%20Teams%20Devices%20dashboard%20now%20we%20can%20set%20policies%20and%20alerts%20for%20centralized%20Firmware%20update%20via%20the%20Teams%20Device%20dashboard%20portal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewe%20are%20on%20and%20cracking.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2691766%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2691766%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20VP59%20registered%20in%20Teams%20and%20Intune%20but%20only%20sits%20on%20'Verifing%20a%20few%20things.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20this%20been%20seen%20before%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFactory%20rest%20post%20adding%20Google%20play%20and%20blocking%20android%20work%20profile%20appears%20to%20have%20resolved%20my%20issue%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2697618%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2697618%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1097229%22%20target%3D%22_blank%22%3E%40Keliath%3C%2FA%3E%26nbsp%3BWe%20have%20same%20handsets%2C%26nbsp%3B%20and%20looking%20at%20rollout%20of%20a%20few%20across%20the%20business.%26nbsp%3B%20The%20test%20phone%20we%20setup%20we%20put%20on%20a%20new%20vlan%20with%20dhcp%20provided%20by%20the%20firewall.%26nbsp%3B%20We%20added%20any%2Fany%20rules%20outbound%20and%20had%20no%20issue%20with%20it%20connecting%20to%20the%20Company%20Portal%2C%26nbsp%3B%20as%20long%20as%20the%20devices%20can%20contact%20all%20M365%20services%20they%20should%20be%20OK%3F%26nbsp%3B%20Our%20test%20device%20went%20straight%20thru%20the%20intune%20enrollment%20and%20to%20the%20Company%20Portal%20where%20i%20was%20able%20to%20sign%20in%20(with%20MFA%20enable)%20on%20my%20Teams%20user%20account.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20I%20can%20verify%20the%20logs%20on%20what%20its%20accessing%20and%20where%20I%20can%20look%20at%20locking%20down%20the%20rule%20further%20moving%20forward%20from%20testing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20checking%20intune%20I%20didnt%20see%20it%20registered%20or%20any%20failed%20attempts%20for%20that%20matter%2C%20however%20it%20did%20appear%20almost%20staraight%20away%20on%20the%20Teams%2FDevices%2FIP%20Phones%20tab%20-%20It%20appears%20that%20management%20of%20the%20teams%20phones%20is%20being%20pushed%20to%20teams%20as%20updates%2Fconfigs%20etc%20can%20be%20managed%20thru%20teams.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2700220%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2700220%22%20slang%3D%22en-US%22%3E%3CP%3EHaving%20several%20customers%20with%20the%20same%20issues%20discussed%20here.%26nbsp%3B%20I've%20tried%20several%20things%20including%20excluding%20both%20device%20and%20user%20dynamic%20groups%20but%20still%20get%20blocked%20from%20signing%20in.%26nbsp%3B%20I%20would%20really%20like%20to%20just%20skip%20enrolling%20these%20devices%20into%20InTune.%26nbsp%3B%20We%20have%20all%20the%20administrative%20capabilities%20needed%20in%20the%20Teams%20Admin%20Console%20and%20I%20don't%20see%20myself%20or%20the%20customer%20using%20InTune%20to%20keep%20track%20of%20these%20devices.%26nbsp%3B%20I%20read%20through%20the%20comments%20(and%20maybe%20I%20missed%20it)%20but%20did%20someone%20give%20some%20advice%20on%20how%20to%20exclude%20these%20devices%20and%20bypass%20Intune%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3001178%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Teams%20IP%20Phones%20and%20Intune%20Enrollment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3001178%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F985732%22%20target%3D%22_blank%22%3E%40RonSanJose%3C%2FA%3E%26nbsp%3Byou%20can%20exclude%20devices%20in%20your%20CA%20policy%20by%20model%20or%20Device%20ID.%20I%20also%20don't%20see%20any%20use%20case%20for%20having%20them%20enrolled%20in%20Intune.%20anyone%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Jun 22 2021 02:32 PM
Updated by: