Microsoft Teams IP Phones and Intune Enrollment
Published Jan 28 2019 10:57 PM
Microsoft

For customers who require desk phones and conference room phones to make and receive audio calls or join meetings, Microsoft Teams provides a growing portfolio of devices that can be purchased from our Teams Marketplace. For Teams phones including the Yealink T56A/T58A/CP960 and the Crestron Flex series IP phones that run on Android 5.x or later, there may be specific configurations that need to be enabled in the customer's tenant for the phones to successfully enroll into Intune.  

 

Allowing successful Intune enrollment for Android versions 5.x and up 

If all of the following conditions are true, you will need to enable a specific configuration setting in the Intune admin console to allow for a successful enrollment:

  • You are deploying a Teams IP phone with Android OS version 5.x or later. 
  • You have connected your Intune tenant with managed Google Play in order to manage Android Enterprise devices. 
  • You have configured your enrollment restrictions such that Android work profile enrollment restrictions are applied to the end user account that you are using to enroll. 

The recommended deployment configuration is one of the following (only one of the two is necessary):

  • Adjust your enrollment restrictions settings in Intune so that the user account you are using to enroll the IP phone is not targeted with Android work profile. This approach is recommended if you are managing Android Enterprise work profile devices in the same Intune tenant as your Teams device.
  • If you are not actively using Android Enterprise in your Intune tenant, you can remove the connection to managed Google Play following the directions here under "Disconnect your Android enterprise administrative account".  Disconnecting your Intune tenant from managed Google Play will disable Android Enterprise enrollment entirely for your tenant.  Therefore, this option is only recommended if you are not managing any Android Enterprise devices in your Intune tenant.     

We are actively pursuing a fix in the firmware to handle this enrollment flow. Once the fix has been published to the Microsoft Device Management solution and devices have been updated, neither of these workarounds will be necessary, regardless of whether all three conditions above are true.

 

Device-based Exception via Intune 

Intune allows creating device compliance policies in the tenant for Android-based devices that access organizational data. These policies are applied to user accounts and currently cannot distinguish between device types on the same operating system (e.g., desk phones vs. conventional mobile phones). Tenant administrators might need to provide exceptions to user accounts for Teams IP phones to complete sign-in.

8 Comments

Sounds like a good idea :)

Agreed with @adam deltinger - a good idea moving forward.

Microsoft
Great job Agus and everyone involved on root-causing this and coming to quick resolution for our customers.
Steel Contributor

Great findings guys! Do you plan to apply those new filters to existing data or will it apply only for calls starting after 1st February?

 

Thanks

Microsoft
We are testing the backfill at this time to see if we can correct the historical data. TBD.
Steel Contributor

Thanks @Aaron Steele 

Iron Contributor

Appreciate the transparency. Good work.

Version history
Last update: Jan 26 2021 10:42 AM