Microsoft Tech Community Live:  Microsoft Teams Edition
November 09, 2021, 08:00 AM - 12:00 PM (PST)
SOLVED

Teams Phone device refuse login with 1449/1.0.94.2021033002 firmware and ADFS

%3CLINGO-SUB%20id%3D%22lingo-sub-2270432%22%20slang%3D%22en-US%22%3ETeams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2270432%22%20slang%3D%22en-US%22%3E%3CP%3EHas%20anybody%20been%20using%20ADFS%20with%20Teams%20noticed%20an%20issue%20with%20the%20last%20two%20firmware%20updates%2C%20when%20performing%20logins%20off-network%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20customer%20running%20Yealink%20MP56%20phones%20and%20the%20latest%20firmware%20122.15.0.36%20running%20Teams%20App%201449%2F1.0.94.2021022403%20or%20%3CSPAN%3E%3CSPAN%3E1449%2F1.0.94.2021033002%3C%2FSPAN%3E%3C%2FSPAN%3E%20can%20no%20longer%20login%20using%20either%20the%20device%20login%20code%20or%20typing%20user%2Fpass.%20The%20login%20seems%20to%20get%20stuck%20in%20a%20loop%20between%20device%20registration%20and%20preparing%20the%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20suspect%20this%20is%20partially%20to%20do%20with%20the%20ADFS%20configuration%20not%20using%20UPN%20for%20authentication%2C%20but%20this%20wasn't%20an%20issue%20prior%20to%201449%2F1.0.94.2021022403.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2270432%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2271000%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2271000%22%20slang%3D%22en-US%22%3EI'm%20having%20the%20same%20issue%20with%20a%20Yealink%20T55A.%20Once%20the%20update%20was%20completed%2C%20the%20phone%20will%20not%20receive%20a%20device%20code%20for%20provisioning.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2271298%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2271298%22%20slang%3D%22en-US%22%3ESame%20issue%20here.%20Yealink%20VP59.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2272260%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2272260%22%20slang%3D%22en-US%22%3ESame%20issue%20here.%20Yealink%20MP54%20and%20AudiocodesC450HD.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2272938%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2272938%22%20slang%3D%22en-US%22%3EAre%20you%20able%20to%20open%20a%20support%20ticket%20with%20Microsoft%3F%20Can%20you%20send%20me%20the%20ticket%20number%20as%20a%20message%20you've%20opened%20it%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2273264%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2273264%22%20slang%3D%22en-US%22%3EDon't%20know%20if%20this%20helps%20anyone%2C%20but%20I%20opened%20tickets%20with%20Microsoft%20Teams%20support%2C%20Azure%20support%2C%20and%20Yealink.%20So%20far%2C%20everyone%20is%20saying%20it's%20someone%20else's%20issue.%20This%20has%20been%20going%20on%20for%20about%209%20days.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2273332%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2273332%22%20slang%3D%22en-US%22%3EIt%20would%20be%20helpful%20if%20you%20can%20send%20me%20a%20message%20with%20the%20Microsoft%20Teams%20ticket%20details.%20I%20am%20a%20PM%20in%20the%20team%2C%20and%20would%20like%20to%20see%20this%20ticket.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2274577%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2274577%22%20slang%3D%22en-US%22%3EDM%20sent%20with%20ticket%20number.%20I%20did%20speak%20with%20a%20contact%20at%20Yealink%20yesterday%20and%20they%20suggested%20a%20possible%20issue%20with%20device%20count%20limits%2C%20but%20I%20realized%20this%20morning%20I'm%20trying%20to%20login%20to%20the%20same%20device%20I%20already%20have%20registered%20under%20the%20tenant%20so%20it%20shouldn't%20(in%20theory)%20be%20that.%3CBR%20%2F%3E%3CBR%20%2F%3ERolling%20back%20to%20an%20earlier%20firmware%20and%20Teams%20app%20from%20last%20year%20seems%20to%20resolve%20the%20issue.%20Upgrading%20again%20breaks%20it.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2274914%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2274914%22%20slang%3D%22en-US%22%3EI%20sent%20the%20ticket%20information%20in%20a%20DM.%20The%20ticket%20with%20Azure%20was%20closed%20because%20it%20was%20a%20'duplicate'%20ticket.%20Yealink%20also%20said%20it%20may%20be%20a%20problem%20with%20too%20many%20devices%20for%20the%20user%2C%20but%20only%20one%20is%20assigned%20and%20I%20have%20set%20my%20company%20limit%20to%2020%2C%20so%20that%20should%20not%20be%20an%20issue.%20I%20am%20going%20to%20try%20to%20downgrade%20it%20today%2C%20similar%20to%20what%20jangliss%20did%2C%20to%20see%20if%20my%20problem%20is%20fixed.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2275011%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2275011%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1025164%22%20target%3D%22_blank%22%3E%40Jacob_B%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20assuming%20you%20are%20using%20ADFS%3F%20Did%20Microsoft%20gather%20the%20ADFS%20logs%20from%20your%20failed%20attempts%3F%20I'm%20working%20on%20gathering%20those%20myself.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20gone%20back%20and%20done%20additional%20testing%20and%20it%20doesn't%20appear%20to%20be%20limited%20to%20a%20particular%20vendor.%20I've%20tested%20with%20Poly%20CCX%20400%2C%20CCX%20500%2C%20and%20CCX%20700%2C%20AudioCodes%20HD450%2C%20Yealink%20T56A%2C%20T58A%2C%20and%20MP56.%26nbsp%3B%20It's%20after%20deploying%20the%20February%20update%20which%20appears%20to%20be%20bundled%20with%20most%20of%20the%20latest%20firmwares%20from%20the%20vendors%2C%20things%20break.%26nbsp%3B%20Going%20to%20roll%20back%20a%20few%20firmware%20and%20do%20additional%20testing%20to%20verify.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2275201%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2275201%22%20slang%3D%22en-US%22%3EIf%20possible%2C%20could%20you%20send%20this%20ticket%20information%20to%20me%20as%20well%3F%20I%20am%20deploying%20an%20MP56%20with%20the%20same%20firmware%2FTeams%20version%2C%20and%20the%20same%20problem.%3CBR%20%2F%3E%3CBR%20%2F%3EAlso%2C%20to%20confirm%2C%20are%20you%20seeing%20the%20%22Oops%2C%20you%20can't%20access%20this%20right%20now.%22%20error%20when%20attempting%20to%20login%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2275294%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2275294%22%20slang%3D%22en-US%22%3EDM%20sent.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2275298%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2275298%22%20slang%3D%22en-US%22%3EI%20was%20not%20able%20to%20find%20any%20failed%20logins%20in%20any%20of%20the%20Microsoft%20cloud%20services%2C%20it's%20like%20the%20device%20is%20not%20connecting%20or%20seeing%20Microsoft%20at%20all.%20I%20checked%20my%20firewall%20to%20verify%20that%20no%20ports%20needed%20to%20access%20and%20run%20Teams%20are%20being%20blocked.%20Downgrading%20did%20not%20help%2C%20so%20no%20luck%20there.%20I%20sent%20a%20video%20of%20the%20issue%20to%20Microsoft%20today%20for%20them%20to%20view%20the%20problem%20that%20I%20am%20running%20into.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2276245%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2276245%22%20slang%3D%22en-US%22%3EFYI%20-%20the%20phone%20is%20not%20saving%20the%20time%20settings%20when%20it's%20rebooted%20which%20may%20be%20part%20of%20the%20problem.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2276340%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2276340%22%20slang%3D%22en-US%22%3EI%20originally%20opened%20this%20thinking%20it%20might%20have%20been%20ADFS%20related%2C%20but%20also%20seeing%20this%20across%20tenants%20not%20using%20ADFS.%20This%20seems%20like%20a%20big%20issue!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2277964%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2277964%22%20slang%3D%22en-US%22%3EWe%20are%20having%20the%20same%20issue%20with%20Poly%20C60%20conference%20room%20phones%20once%20updated%20to%20firmware%207.0.2.1071.%20This%20firmware%20comes%20with%20Teams%20App%201449%2F1.0.94.2021022403%20and%20we%20get%20the%20same%20login%20loop.%20I've%20tried%20updating%20to%20Teams%20App%201449%2F1.0.94.2021033002%20but%20problem%20persists.%20I%20have%20tried%20both%20the%20original%20web%20login%20method%20as%20well%20as%20the%20new%20remote%20provision%2Flogin%20method%20and%20both%20result%20in%20the%20same%20login%20loop.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20I%20roll%20the%20firmware%20back%20to%205.9.5.3153%20and%20Teams%20App%201449%2F1.0.94.2020121001%2C%20I%20can%20web%20login%20the%20phone%20again%20without%20issue.%20I%20can%20then%20fully%20upgrade%20the%20phone's%20firmware%20and%20Teams%20App%20version%20to%20latest%20and%20the%20phone%20will%20stay%20logged%20in.%20However%2C%20if%20I%20log%20it%20out%2C%20I%20can't%20log%20it%20back%20in%20as%20it%20gets%20stuck%20in%20the%20same%20loop.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2279936%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2279936%22%20slang%3D%22en-US%22%3EThe%20biggest%20issue%20of%20all%20is%20that%20there's%20no%20way%20to%20stop%20these%20phones%20from%20automatically%20getting%20the%20update%20eventually!%20Deferring%20for%2090%20days%20is%20the%20best%20we%20can%20do%20and%20that's%20a%20very%20manual%20process%20to%20have%20to%20set%20each%20and%20every%20phone%20as%20they%20come%20in.%20Imagine%20how%20rough%20it's%20going%20to%20be%20when%20you%20have%20hundreds%20of%20phones!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2280275%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2280275%22%20slang%3D%22en-US%22%3EHas%20anyone%20found%20a%20real%20solution%20to%20this%20issue%3F%20I%20am%20about%20to%20start%20rolling%20back%20firmware%20but%20was%20hoping%20someone%20has%20an%20answer.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2280375%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2280375%22%20slang%3D%22en-US%22%3EI've%20not%20heard%20anything%20back%20on%20our%20open%20Microsoft%20support%20ticket%20but%20the%20more%20people%20that%20open%20tickets%2C%20the%20more%20visibility%20this%20is%20going%20to%20get%20for%20quicker%20resolution.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2281576%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2281576%22%20slang%3D%22en-US%22%3EI'd%20definitely%20agree.%20Open%20tickets%20if%20you%20haven't%20already.%20I've%20not%20heard%20anything%20from%20support%20on%20my%20ticket%20other%20than%20%22sorry%20for%20the%20delay%2C%20we're%20waiting%20to%20hear%20back%20from%20engineering%22.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2301403%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2301403%22%20slang%3D%22en-US%22%3EHi%20All%2C%3CBR%20%2F%3EWe%20are%20experiencing%20the%20exact%20same%20issue%20described%20here%20using%20Yealink%20T55A%20IP%20phones%20off%20network.%20We%20have%20opened%20a%20case%20with%20our%20Teams%20telecom%20provider.%20Will%20update%20here%20if%20we%20receive%20any%20news.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2311959%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2311959%22%20slang%3D%22en-US%22%3EThis%20ended%20up%20being%20an%20issue%20with%20a%20DNS%20server%20for%20my%20phone%2C%20but%20Microsoft%20and%20Yealink%20did%20not%20find%20it.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2340406%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2340406%22%20slang%3D%22en-US%22%3EHi%20All%2C%3CBR%20%2F%3EAn%20update%20on%20our%20side.%20We%20are%20using%20Intune%20and%20when%20we%20allowed%20the%20device%20to%20be%20enrolled%20when%20the%20user%20signs%20in%20the%20issue%20does%20not%20happen.%3CBR%20%2F%3ENot%20sure%20why%20but%20it%20seems%20stable.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2341823%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2341823%22%20slang%3D%22en-US%22%3EJeroen%2C%20can%20you%20give%20additional%20details%20on%20what%20you%20had%20to%20do%20to%20fix%20it%3F%3CBR%20%2F%3EWe%20use%20ADFS%20with%20synced%20accounts%20to%20AAD.%20When%20I%20update%20a%20phone%20to%20latest%20version%2C%20seems%20ok%20at%20first%20but%20if%20user%20logs%20out%20of%20that%20phone%2C%20they%20are%20unable%20to%20log%20back%20in.%20Almost%20like%20a%20log%20in%20loop.%20It%20prompts%20user%20for%20mfa%20and%20it%20almost%20looks%20like%20it%20is%20going%20to%20log%20in%20but%20then%20it%20goes%20back%20to%20original%20start%20page%20where%20it%20displays%20the%20login%20code.%20This%20happens%20on%20or%20off%20internal%20network.%20I%20did%20create%20a%20test%40company.onmicrosoft.com%20and%20it%20seems%20to%20work%20fine.%3CBR%20%2F%3ERolling%20back%20to%20older%20firmware%20like%206.0.X%20on%20Poly%20CCX%20phones%2C%20user%20is%20able%20to%20log%20in%20again.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2344500%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2344500%22%20slang%3D%22en-US%22%3EHi%20_tricks%2C%20what%20I%20did%20was%20allow%20the%20IP%20phone%20to%20enroll%20into%20Intune.%20The%20Yealink%20T55A%20we%20use%20has%20Android%20version%207.1%20and%20can%20only%20be%20enrolled%20into%20Intune%20as%20%22device%20administrator%22%20which%20we%20actually%20are%20blocking%20for%20personal%20devices.%3CBR%20%2F%3ESo%20what%20we%20did%20was%20upload%20the%20serial%20number%20of%20the%20Yealink%20phone%20into%20Intune%20as%20a%20corporate%20identifier.%20This%20will%20then%20allow%20the%20device%20to%20be%20enrolled.%3CBR%20%2F%3E%3CBR%20%2F%3EWhen%20we%20had%20the%20device%20enrolled%20into%20Intune%20we%20could%20log%20out%20and%20back%20in.%20Using%20different%20user%20accounts%20and%20the%20device%20kept%20working.%20As%20soon%20as%20I%20removed%20the%20device%20from%20Intune%20enrollment%20and%20tried%20the%20log%20out%20%2F%20log%20in%20it%20would%20get%20into%20the%20loop%20again.%3CBR%20%2F%3ESo%20without%20Intune%20enrollment%20we%20still%20need%20to%20downgrade%20the%20Teams%20app%20version%20and%20device%20firmware......%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20you%20could%20say%20this%20is%20kind%20of%20a%20workaround.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2344579%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2344579%22%20slang%3D%22en-US%22%3EI've%20done%20a%20single%20device%20test%20successfully%20doing%20what%20Jeroen%20described...a%20Trio%20C60.%20Our%20Android%20version%20%22floor%22%20is%20currently%20excluding%20the%20single%20AudioCodes%20C450HD%20test%20device%20I%20have%20and%20I've%20not%20pushed%20to%20have%20the%20floor%20lowered%20just%20for%20the%20test.%20Registering%20the%20device's%20serial%20along%20in%20InTune%20didn't%20get%20around%20our%20Android%20version%20limit.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2363780%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2363780%22%20slang%3D%22en-US%22%3EEVERYONE....please%20reach%20out%20to%20your%20TAMs%2C%20support%20engineers%2C%20whoever%20you%20can%20and%20push%20for%20greater%20visibility%20of%20this%20issue!%20We've%20had%20a%20case%20open%20for%20a%20month%20now%20and%20getting%20pretty%20much%20nowhere.%20Last%20week%2C%20MS%20engaged%20Poly%20support%20believing%20it%20to%20be%20their%20problem%20for%20some%20reason...as%20if%20it's%20a%20base%20firmware%20issue%20rather%20than%20a%20problem%20with%20the%20Teams%20app%20code%20itself.%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20I%20understand%20it%2C%20the%20base%20firmware%20is%20%22owned%22%20by%20the%20phone%20manufacturers.%20Of%20course%20every%20manufacturers%20firmware%20is%20different.%20Our%20Poly%20phones%20run%20Android%209.%20I%20know%20the%20AudioCodes%20C450HD%20runs%20Android%207.%20It%20seems%20pretty%20obvious%20to%20me%20that%20the%20common%20thread%20between%20Poly%2C%20AudioCodes%2C%20and%20Yealink%20phones%20is%20the%20Teams%20app%20code%20itself%2C%20not%20the%20base%20firmware.%3CBR%20%2F%3E%3CBR%20%2F%3EKeep%20in%20mind%20that%20we%20(the%20customer)%20haven't%20been%20given%20control%20to%20disable%20automatic%20firmware%20upgrades%20from%20Teams%20Admin%20Center.%20The%20best%20we%20can%20do%20is%20defer%2090%20days.%20Even%20if%20you%20back-level%20the%20code%2C%20the%20phone%20is%20going%20to%20get%20the%20upgrade%20forced%20back%20down%20to%20it%20by%20Microsoft.%20And%20if%20you%20miss%20one%20setting%20the%2090%20day%20deferral%2C%20that%2030%20days%20is%20going%20to%20be%20hitting%20you%20very%20soon.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2404707%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2404707%22%20slang%3D%22en-US%22%3EHi%2C%20did%20you%20find%20a%20fix%20for%20this%3F%20we%20have%20the%20same%20issue.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2405064%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2405064%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1068493%22%20target%3D%22_blank%22%3E%40jonasb120%3C%2FA%3EUnfortunately%20still%20dealing%20with%20support%20and%20%22can%20we%20get%20more%20logs%22%20phase.%20Having%20absolutely%20no%20luck%20so%20far.%20I%20would%20absolutely%20encourage%20you%20to%20open%20a%20case%20though%2C%20if%20you%20haven't%20already.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2406287%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2406287%22%20slang%3D%22en-US%22%3EHi%20guys%2C%3CBR%20%2F%3E%3CBR%20%2F%3EWe've%20faced%20the%20same%20issue%20with%20T55%2FT56%2FMP56%2FCP960%20Yealink%20Phones.%3CBR%20%2F%3EAnd%20I'm%20pretty%20sure%20that%20it's%20related%20to%20the%201449%2F1.0.94.2021022403%3CBR%20%2F%3EThe%20simpliest%20test%20with%20them%20%26gt%3B%26gt%3B%20upgrade%20Firmware%20to%20the%20latest%20one%20to%20get%201449%2F1.0.94.2021022403%20on%20it%20and%20then%20downgrade%20FW%20to%20previous%20version.%3CBR%20%2F%3ETeams%20Version%20will%20remain%20the%20same%20after%20downgrade%20until%20you%20make%20factory%20reset.%3CBR%20%2F%3ESo%20even%20with%20downgraded%20FW%20it%20causes%20the%20same%20issue.%3CBR%20%2F%3EOnce%20you%20roll%20back%20to%20previous%20Teams%20Version%20by%20factory%20reset%20%26gt%3B%26gt%3B%20it%20will%20work%20ok.%3CBR%20%2F%3E%3CBR%20%2F%3EDIdn't%20yet%20test%20CCX%20phones%20with%20the%20latest%20Teams%20Version%20but%20suspect%20the%20same%20issue%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2406987%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2406987%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20done%20the%20same%20procedure%20as%20described%20by%20Ruslan_Bakharev%20and%20came%20to%20the%20same%20conclusion.%20As%20soon%20as%20you%20upgrade%20the%20Teams%20app%20to%201449%2F1.0.94.2021022403%20or%201449%2F1.0.94.2021033002%20the%20logon%20loop%20issue%20occurs.%3CBR%20%2F%3EWe%20have%20created%20a%20ticket%20with%20Microsoft%20and%20gave%20them%20all%20the%20usual%20stuff%2C%20logs%2C%20software%20version%20and%20even%20a%20video%20of%20the%20re-created%20issue.%20No%20useful%20reaction%20from%20MS%20yet.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdditional%20test%3A%3C%2FP%3E%3CP%3E-Using%20a%20cloud%20only%20account%20the%20issue%20does%20not%20occur.%20(So%20it%20seems%20linked%20to%20hybrid%20setup)%3C%2FP%3E%3CP%3E-Using%20a%20hybrid%20account%20and%20enroll%20the%20device%20into%20Intune%2C%20the%20issue%20does%20not%20occur.%20(Not%20clear%20why)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2407578%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2407578%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10931%22%20target%3D%22_blank%22%3E%40Jeroen%20Dijkman%3C%2FA%3E%26nbsp%3BI%20have%20too%20raised%20with%20MSFT.%20thanks%20for%20the%20info.%20i'll%20keep%20this%20thread%20updated%20if%20i%20get%20anywhere%20with%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2409052%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2409052%22%20slang%3D%22en-US%22%3EWell%20I've%20faced%20same%20issue%20with%20Intune%20managed%20device.%3CBR%20%2F%3ESo%20for%20me%20both%20test%20phone%20account%20(without%20conditional%20access)%20and%20my%20personal%20one%20with%20Intune%20provisioned%20looked%20quite%20similar.%3CBR%20%2F%3EOverall%20I've%20noted%20in%20my%20env%203%20different%20scenarios%3A%3CBR%20%2F%3E1)%20Device%20freezes%20during%20connection%2Fregistration%20stage%3CBR%20%2F%3E2)%20Device%20drops%20you%20to%20the%20main%20screen%20after%20some%20period%20of%20time%20during%20registration%20stage%3CBR%20%2F%3E3)%20Device%20drops%20you%20to%20the%20main%20screen%20after%20you%20provision%20it%20with%20account.%20It%20works%20just%20for%20couple%20of%20minutes%20and%20then%20nothing.%3CBR%20%2F%3EAt%20the%20same%20time%20looking%20into%20Azure%20logs%20you%20don't%20see%20any%20blockage.%3CBR%20%2F%3EAnd%20even%20strange%20in%20case%20of%20scenario%203%20Azure%20removes%20device%20completely%20from%20AAD%20which%20is%20quite%20strange.%3CBR%20%2F%3E%3CBR%20%2F%3EI've%20opened%20a%20ticket%20with%20MS%20just%20recently%20as%20well%20providing%20logs%20and%20video%20showing%20the%20issue%20%3A)%3C%2Fimg%3E%3CBR%20%2F%3EHope%20it%20will%20help%20at%20least%20to%20investigate%20it%20faster.%3CBR%20%2F%3ESame%20like%20BrandonJ365%20I%20had%20to%20defer%20the%20phones%20auto%20update%20by%2090%20days%20in%20order%20to%20avoid%20impact%20on%20sites.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2426089%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2426089%22%20slang%3D%22en-US%22%3ESo%20I%20received%20feedback%20from%20Microsoft.%20They%20actually%20told%20me%20to%20solve%20the%20issue%20you%20have%20to%20allow%20the%20IP%20phone%20to%20be%20enrolled%20into%20Intune!%20Which%20for%20me%20is%20crazy.%20The%20Yealink%20IP%20phones%20we%20are%20using%20still%20have%20the%20Android%20Device%20Administrator%20as%20management%20option.%20Something%20we%20do%20not%20want%20to%20use.%3CBR%20%2F%3EI%20have%20asked%20to%20Microsoft%20if%20they%20consider%20the%20Intune%20enrollment%20as%20a%20workaround.%20Because%20for%20me%20this%20is%20not%20the%20root%20cause%20of%20the%20issue.%3CBR%20%2F%3EI%20also%20asked%20%22What%20if%20we%20do%20not%20use%20Intune%3F%22.%20What%20solution%20do%20they%20have%20then.%3CBR%20%2F%3ESo%20I%20am%20awaiting%20their%20answer.%3CBR%20%2F%3E%3CBR%20%2F%3ETo%20be%20continued.....%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2430848%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2430848%22%20slang%3D%22en-US%22%3EHi%20Jeroen%2C%3CBR%20%2F%3E%3CBR%20%2F%3EFrom%20my%20personal%20experience%20communicating%20with%20support%20regarding%20Teams%20Phone%20devices%20is%20that%20they%20don't%20understand%20how%20to%20properly%20support%20Teams%20Phones.%3CBR%20%2F%3ERecently%20I've%20got%20reply%20that%20I%20need%20to%20contact%20phone%20vendor%20for%20investigation%20regarding%20this%20issue%20%3A)%3C%2Fimg%3E%3CBR%20%2F%3EAnd%20it's%20frustrating.%3CBR%20%2F%3E%3CBR%20%2F%3EAndroid%20Device%20Administrator%20was%20never%20properly%20adopted%20by%20Intune%20for%20Teams%20Phone%20devices%20that's%20why%20there%20are%20recommendations%20to%20disable%20multiple%20inspections%20for%20Teams%20Phones.%3CBR%20%2F%3E(typical%20example%20was%20Trio%208500%2F8800%20which%20was%20never%20properly%20working%20with%20Intune).%3CBR%20%2F%3E%3CBR%20%2F%3EIntune%20enrollment%20is%20completely%20not%20acceptable%20scenario%20in%20example%20for%20Common%20Area%20Phones%20which%20are%20running%20with%20Common%20Area%20Phone%20license%20(it%20has%20no%20Intune%20license%20in%20it).%3CBR%20%2F%3EMy%20personal%20opinion%20that%20Teams%20Phones%20should%20not%20be%20rolled%20to%20Intune%20until%20Intune%20will%20properly%20recognize%20and%20process%20such%20devices.%3CBR%20%2F%3ENot%20like%20it's%20done%20right%20now.%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20happy%20at%20least%20that%20CAP%20phones%20are%20not%20in%20Intune%20and%20we're%20trying%20to%20do%20the%20same%20for%20Conference%20Phones.%3CBR%20%2F%3EUnfortunately%20it's%20not%20possible%20for%20end-users%20because%20of%20Conditional%20Access.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2430854%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2430854%22%20slang%3D%22en-US%22%3EAll%20of%20this%20really%20points%20to%20a%20lack%20of%20maturity%20in%20the%20native%20Teams%20phone%20space.%20At%20least%20as%20full%20experience%20user%20phones%2C%20all%20of%20the%20makes%20and%20models%20we've%20tested%20have%20been%20terribly%20slow%2Flaggy%20in%20the%20user%20interface%20department.%20Attempting%20to%20manage%20software%20updates%20on%20them%20from%20Teams%20Admin%20Center%20has%20been%20frustrating....even%20ignoring%20this%20current%20issue.%20We%20ultimately%20decided%20to%20stay%20on%203PIP%20phones%20for%20all%20except%20conference%20rooms%20where%20there%20is%20truly%20an%20actual%20user%20experience%20benefit%20in%20a%20Teams%20native%20phone....the%20ability%20to%20one%20touch%20join%20a%20meeting.%20This%20at%20least%20keeps%20our%20pain%20level%20to%20a%20few%20hundred%20phones%20rather%20than%20a%20few%20thousand.%20Plus%20the%20user%20interface%20on%20the%20phones%20is%20much%20snappier%20when%20limited%20to%20a%20specific%20purpose%20(conference%20room%20or%20common%20area%20phone)%20using%20the%20IP%20Phone%20Policy.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2431346%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2431346%22%20slang%3D%22en-US%22%3ETotally%20agree.%20Current%20approach%20with%20Teams%20Phones%20is%20totally%20disappointing.%3CBR%20%2F%3EThere%20are%20a%20lot%20things%20to%20count%20in%20mind%20for%20using%20this%20phones.%3CBR%20%2F%3EIntune%2C%20Teams%20Admin%20centre%20lagging%20and%20bugging.%20Without%20automated%20config%20applying%20based%20on%20subnet%20etc.%3CBR%20%2F%3EIn%20example%20when%20we%20were%20targeting%20to%20implement%20Teams%20Phones%20we%20thought%20that%20we%20will%20not%20need%20provisioning%20server.%3CBR%20%2F%3ENow%20I'm%20thinking%20that%20it's%20the%20only%20alternative%20to%20make%20everything%20work%20properly%20at%20least%20from%20the%20settings%20perspective.%3CBR%20%2F%3EBut%20mostly%20problems%20are%20because%20of%20this%20bugs%2C%20firmware%20modifications%20without%20proper%20testing%20etc.%3CBR%20%2F%3E%3CBR%20%2F%3EAgree%2C%20CAP%20IPPhone%20policy%20is%20very%20limited.%3CBR%20%2F%3EAlmost%20year%20ago%20I've%20asked%20if%20there%20will%20be%20speed%20dials%20for%20it%20because%20it%20will%20satisfy%20our%20needs%20but%20still%20nothing%20happens.%3CBR%20%2F%3ESo%20CAP%20ipphone%20policy%20we%20use%20only%20in%20specific%20cases.%20Mostly%20we%20leave%20it%20with%20normal%20user%20interface.%20Yes%20even%20with%20non-working%20voicemail%20functionality%20(because%20of%20CAP%20license).%3CBR%20%2F%3EConference%20phones%20we're%20trying%20to%20move%20out%20from%20Intune%20as%20well%20because%20I%20had%20a%20lot%20of%20issues%20with%20Trio%208500%2F8800%20with%20Intune.%3CBR%20%2F%3EAnd%20all%20this%20thing%20is%20very%20hard%20to%20automate%20because%20Intune%20provisioning%20and%20especially%20intune%20issues%20troubleshooting%20takes%20much%20time.%3CBR%20%2F%3EFor%203PIP%20phones%20it's%20also%20another%20story%20%3A)%3C%2Fimg%3E%20VVX%20phones%20with%20it%20are%20also%20not%20dat%20stable%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2433955%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2433955%22%20slang%3D%22en-US%22%3EHi%20All%2C%3CBR%20%2F%3EI%20received%20another%20update%20from%20MS%20Support.%20Basically%20the%20%22politely%22%20told%20me%20that%20enrolling%20the%20IP%20phone%20into%20Intune%20using%20the%20Android%20Device%20Admin%20is%20the%20solution%20the%20offer.%3CBR%20%2F%3EI%20told%20them%20again%20I%20do%20not%20agree%20with%20this%20and%20they%20are%20going%20to%20check%20one%20more%20time%20with%20the%20back%20end%20team.%20But%20I%20have%20very%20little%20hope%20another%20solution%20will%20be%20offered.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20been%20working%20with%20MS%20solutions%20for%20over%2020%20years%20and%20this%20brings%20me%20back%20to%20the%20early%20days%20when%20they%20always%20forced%20their%20way%20of%20working%20on%20the%20customer.%20I%20have%20seen%20this%20behavior%20change%20since%20the%20CEO%20change%20some%20years%20ago%2C%20so%20I%20am%20pretty%20disappointed.%3CBR%20%2F%3E%3CBR%20%2F%3ETo%20any%20of%20the%20Microsoft%20Techs%20monitoring%20this%20thread%2C%20this%20is%20a%20shout%20out%20to%20assist%20if%20you%20can...%3CBR%20%2F%3E%3CBR%20%2F%3Eregard%2C%20Jeroen%20Dijkman%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2434534%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2434534%22%20slang%3D%22en-US%22%3EWell%20I've%20officially%20received%20the%20same%20BS%20answer%20claiming%20that%20this%20change%20was%20intentional%20to%20%22correct%20this%20issue%22%20of%20Teams%20allowing%20phones%20to%20login%20that%20hadn't%20been%20InTune%20enrolled.%20They%20claim%20one%20solution%20is%20to%20remove%20InTune%20licensing%20if%20we%20don't%20want%20to%20InTune%20enroll.%20I%20have%20a%20test%20Common%20Area%20Phone%20account%20which%20does%20not%20have%20InTune%20licensing%20and%20it%20STILL%20can't%20login%20to%20Teams%20on%20this%20new%20code.%20They%20are%20obviously%20floundering%20here%20and%20have%20no%20clue.%20IF%20this%20was%20all%20intentional%20to%20resolve%20a%20known%20issue%2C%20why%20did%20it%20take%20them%202%20months%20to%20figure%20that%20out%20and%20respond%3F%3F%3F%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20inclined%20to%20believe%20that%20the%20only%20reason%20we%20are%20being%20given%20this%20answer%20is%20because%20you%20(Jeroen)%20discovered%20that%20InTune%20enrollment%20works%20around%20the%20issue.%20I'd%20bet%20had%20you%20never%20discovered%20that%2C%20Microsoft%20would%20still%20be%20scratching%20their%20heads%20trying%20to%20figure%20out%20what's%20going%20on.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2434894%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2434894%22%20slang%3D%22en-US%22%3E%3CP%3EIntune%20enrollment%20works%20only%20for%20Jeroen%20%3AD%3C%2Fimg%3E%3CBR%20%2F%3EFor%20me%20even%20Intune%20managed%20device%20is%20stucking%20in%20provisioning.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20honestly%20don't%20understand%20this%20support%20approach.%3CBR%20%2F%3EThey%20waste%20tons%20of%20time%20instead%20of%20escalating%20it%20to%20developers.%3CBR%20%2F%3E%3CBR%20%2F%3EJust%20interesting%20if%20Ilya%20Bukshteyn%20is%20aware%20about%20this%20situation%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2445832%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2445832%22%20slang%3D%22en-US%22%3EActually%20device%20administrator%20InTune%20enrollment%20works%20for%20us%20too%20(as%20long%20as%20the%20account%20is%20licensed%20for%20it)%2C%20but%20still%20undesirable.%20Luckily%20for%20us%20the%20Poly%20Trio%20C60%20is%20at%20least%20on%20a%20modern%20Android%20version%20(v9)%20which%20is%20above%20our%20%22floor%22%20setting%20in%20InTune.%20I%20have%20an%20AudioCodes%20C450HD%20that%20we%20purchased%20for%20eval%20which%20is%20below%20the%20floor%20(running%20Android%207)%20so%20that%20phone%20is%20pretty%20much%20a%20brick%20at%20this%20point.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2454296%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2454296%22%20slang%3D%22en-US%22%3EToday%20I've%20tested%20new%20FW%20from%20Yealink%20T55(T58A%2CT56A)-58.15.0.131.rom%3CBR%20%2F%3EUnfortunately%20the%20same%20behavior.%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20still%20pushing%20MS%20to%20continue%20issue%20resolution.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2455100%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2455100%22%20slang%3D%22en-US%22%3EI've%20had%20sporadic%20success%20with%20doing%20a%20factory%20reset%20after%20or%20before%20doing%20a%20firmware%20update.%20Not%20sure%20if%20the%20local%20cache%20is%20keeping%20some%20data%20that%20might%20be%20the%20cause%20or%20not.%20If%20I%20remember%20correctly%2C%20you%20can%20hold%20the%20*%20and%20%23%20keys%20when%20you%20plug%20the%20power%20in%20to%20clear%20the%20Teams%20cache%20on%20Yealink%20devices.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20just%20did%20an%20MP56%20and%20a%20T56a%2C%20both%20having%20been%20factory%20reset%20before%20(mostly%20because%20I%20was%20an%20idiot%20and%20signed%20into%20the%20wrong%20phone%20admin%20interface)%2C%20and%20both%20successfully%20logged%20in%20after%20coming%20back%20up.%20I've%20got%20more%20testing%20to%20do%20(login%20to%20another%20tenant%20without%20adfs%2C%20etc)%20to%20see%20if%20I%20can%20break%20it%20again.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2502577%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2502577%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20I%20have%20a%20small%20update%20from%20Microsoft%20on%20this%2C%20and%20it's%20more%20of%20a%20temporary%20fix%20from%20what%20I%20understand.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3ELogin%20to%20%3CA%20href%3D%22https%3A%2F%2Fendpoint.microsoft.com%2F%23blade%2FMicrosoft_Intune_DeviceSettings%2FDevicesEnrollmentMenu%2FenrollmentRestrictions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fendpoint.microsoft.com%2F%23blade%2FMicrosoft_Intune_DeviceSettings%2FDevicesEnrollmentMenu%2FenrollmentRestrictions%3C%2FA%3E%3C%2FLI%3E%3CLI%3ECreate%20a%20new%20Device%20Type%20Restriction%3C%2FLI%3E%3CLI%3EGive%20it%20a%20name%3C%2FLI%3E%3CLI%3EOn%20%22Platform%20Settings%22%20change%20%22Android%20Enterprise%20(work%20profile)%22%20to%20BLOCK%3C%2FLI%3E%3CLI%3EMake%20sure%20%22Android%20Device%20Administration%22%20is%20set%20to%20ALLOW%3C%2FLI%3E%3CLI%3EClick%20Next%3C%2FLI%3E%3CLI%3EClick%20Next%3C%2FLI%3E%3CLI%3EUnder%20Assignments%20click%20Add%20Group%20and%20select%20the%20group%20of%20users%20that%20are%20signing%20into%20devices.%3C%2FLI%3E%3CLI%3EClick%20through%20to%20finish%20the%20setup%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWait%20a%20few%20minutes%2C%20and%20reboot%20the%20phone%2C%20login%20again.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20still%20trying%20to%20find%20out%20how%20to%20resolve%20the%20issue%20correctly%2C%20but%20this%20seems%20to%20have%20helped%20most%20of%20the%20cases%20I've%20had%20issues%20with%20so%20far.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2502803%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2502803%22%20slang%3D%22en-US%22%3EI%20was%20given%20the%20same%20and%20it%20was%20in%20no%20way%20suggested%20or%20hinted%20as%20being%20a%20temporary%20fix.%20I%20still%20have%20issues%2Fconcerns%20with%20the%20requirement%20of%20InTune%20and%20am%20challenging%20why%20the%20Common%20Area%20Phone%20license%20doesn't%20include%20an%20InTune%20license%20if%20it%20truly%20is%20a%20requirement.%20No%20word%20back%20as%20of%20yet.%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20have%20implemented%20the%20above%20%22solution%22%20and%20it%20certainly%20does%20resolve%20the%20logon%20loop%20issue.%20However%2C%20we've%20seen%20plenty%20of%20inconsistency%20along%20the%20way.%20For%20example%2C%20in%20some%20cases....let's%20call%20it%2020%25%20of%20the%20time%2C%20the%20phone%20will%20halt%20at%20the%20feature%20apps%20company%20portal%20screen%20as%20if%20you%20are%20being%20offered%20apps%20to%20install%20similar%20to%20a%20mobile%20phone.%20Unplugging%20and%20replugging%20the%20phone%20gets%20it%20booting%20up%20to%20where%20it%20should%20be%20but%20still%20a%20nuisance.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2503634%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2503634%22%20slang%3D%22en-US%22%3EThanks%20Brandon%2C%20I%20challenged%20the%20support%20rep%20for%20more%20details%20and%20they%20said%20it%20was%20%22the%20fix%20and%20wasn't%20temporary%22%20despite%20an%20earlier%20email%20stating%20it%20was%20%22fix%20for%20now%22.%20Requesting%20more%20documentation%20and%20details%2C%20because%20if%20this%20is%20now%20a%20hard%20requirement%2C%20it%20needs%20to%20be%20written%20out%20and%20documented.%20None%20of%20the%20partner%20vendors%20I%20work%20with%20have%20heard%20of%20it%2C%20and%20there%20aren't%20any%20details%20written%20elsewhere%20either.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2506725%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2506725%22%20slang%3D%22en-US%22%3EHi%20All%3CBR%20%2F%3EI%20also%20received%20this%20%22workaround%2Fpermanent%20fix%22%20from%20MS%20support%20after%20a%20call.%20They%20also%20told%20me%20that%20with%20this%20setup%20you%20do%20not%20need%20an%20Intune%20license%20which%20I%20concluded%20after%20testing%20is%20nonsense.%20With%20the%20Intune%20license%20it%20works%20yes%20off%20course%20because%20it%20enrolls%20into%20Intune%20but%20this%20I%20have%20already%20described%20in%20my%20previous%20posts.%3CBR%20%2F%3ESo%20I%20have%20told%20MS%20support%20this%20cannot%20be%20the%20permanent%20fix%20and%20they%20will%20forward%20it%20again%20to%20the%20backend%20team.%3CBR%20%2F%3EWe%20will%20see%20what%20happens.%3CBR%20%2F%3EAnd%20in%20terms%20of%20configuration%20you%20do%20need%20to%20setup%20a%20separate%20device%20restriction%20profile%2C%20that%20is%20only%20needed%20if%20you%20want%20to%20assign%20the%20Device%20Administrator%20option%20to%20a%20specific%20group.%3CBR%20%2F%3EOne%20final%20note%20if%20you%20do%20not%20allow%20personal%20devices%20you%20can%20use%20the%20same%20scenario%20but%20you%20will%20have%20to%20upload%20the%20IP%20phone%20serial%20number%20as%20corporate%20identifier.%3CBR%20%2F%3E%3CBR%20%2F%3Eto%20be%20continued......%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2508520%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2508520%22%20slang%3D%22en-US%22%3EThe%20latest%20nugget%20from%20the%20Department%20of%20Infinite%20Wisdom%20with%20regard%20to%20common%20area%20phones%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%22I%20have%20also%20reached%20out%20to%20PG%20from%20Intune%2C%20and%20they've%20confirmed%20Intune%20license%20is%20not%20required%20for%20Common%20Area%20Phone%2C%20but%20you%20will%20need%20to%20disable%20Conditional%20Access%20policies%20for%20it%20to%20work.%22%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20just%20disable%20security%20features....got%20it.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2508552%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2508552%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%20could%20you%20chime%20in%20on%20this%3F%26nbsp%3B%20Support%20is%20literally%20telling%20folks%20to%20turn%20off%20security%20features%20(not%20a%20good%20look!)%2C%20and%20the%20%22fix%22%20is%20not%20documented%20as%20required%20anywhere%20and%20has%20been%20hit%2Fmiss%20for%20folks%20in%20this%20thread.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20still%20roll%20a%20phone%20back%20to%20pre-2021%20firmware%20and%20login%20works%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2532278%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2532278%22%20slang%3D%22en-US%22%3EHi%20Im%20also%20hitting%20this%20problem%20and%20getting%20to%20the%20point%20of%20returning%20all%20the%20hardware%20we%20have%20recently%20brought%20back%20to%20the%20supplier.%20I%20have%20done%20everything%20mentioned%20in%20these%20posts%20to%20the%20point%20the%20phone%20will%20now%20login%20a%20user%20A%20but%20when%20you%20click%20on%20status%20it%20show%20the%20user%20as%20User%20B%2C%20Just%20totally%20messed%20up.%20Got%20a%20big%20rollout%20of%20these%20devices%20in%20a%20couple%20of%20weeks%20and%20dont%20really%20want%20to%20go%20to%20management%20to%20say%20we%20need%20to%20use%20a%20different%20solution.%20Exactly%20the%20same%20issue%20as%20other%20was%20all%20fine%20till%20dam%20firmware%2Fteams%20update%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2532790%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2532790%22%20slang%3D%22en-US%22%3EJust%20chiming%20in%20to%20hopefully%20get%20this%20more%20visibility.%20Our%20organization%20is%20considering%20Teams%20phone%20as%20our%20next%20PBX%20and%20in%20the%20midst%20of%20trialing%20phones%20I%20am%20running%20into%20the%20same%20issues.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2532824%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2532824%22%20slang%3D%22en-US%22%3EConditional%20access%20policies%20are%20enforced%20as%20part%20of%20intune%20enrollment.%20It%20was%20an%20oversight%20in%20previous%20builds%20where%20we%20were%20not%20enforcing%20license%20requirements%20for%20enrollment.%20This%20has%20been%20fixed.%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20is%20by%20design%20that%20if%20you%20want%20to%20enforce%20CA%20policies%2C%20you%20will%20need%20an%20intune%20license.%20For%20CAP%20SKU%2C%20Intune%20license%20is%20an%20add-on.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2532826%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2532826%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fdevices%2Fphones-displays-deploy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fdevices%2Fphones-displays-deploy%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20explains%20that%20if%20you%20need%20CA%20policies%2C%20you%20need%20Intune%20enrollment.%20For%20intune%20enrollment%2C%20you%20need%20Intune%20license.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2537691%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2537691%22%20slang%3D%22en-US%22%3EIf%20you%20have%20some%20time%20to%20wait%2C%20I'd%20strongly%20suggest%20you%20consider%20waiting.%20This%20space%20is%20FAR%20from%20mature%20at%20this%20point.%20Aside%20from%20just%20a%20few%20personal%20and%20common%20area%20phones%2C%20we're%20only%20deploying%20Teams%20conference%20room%20phones%20right%20now%20and%20even%20ignoring%20this%20whole%20CA%2FInTune%20mess%2C%20it's%20still%20an%20ongoing%20rocky%20road.%3CBR%20%2F%3E%3CBR%20%2F%3EWe've%20had%20numerous%20issues%20along%20the%20way%20and%20continue%20to.%20Perhaps%20the%20worst%20issue%20of%20all%20at%20this%20point%20is%20the%20phones%20logging%20out%20for%20whatever%20reason%20and%20not%20logging%20themselves%20back%20in.%20I%20can't%20say%20for%20sure%20if%20the%20issue%20of%20logging%20out%20is%20on%20our%20end%20or%20Microsoft's%20but%20it%20was%20never%20an%20issue%20on%20Skype%20conference%20room%20phones.%20When%20(not%20if)%20something%20happens%20that%20causes%20the%20phones%20to%20log%20out%2C%20rather%20than%20logging%20themselves%20back%20in%2C%20they%20sit%20at%20a%20login%20screen.%20We've%20had%20several%20cases%20where%20a%20user%20will%20then%20walk%20in%20to%20a%20conference%20room%2C%20see%20the%20login%20screen%2C%20and%20log%20it%20in%20as%20their%20own%20personal%20phone%20in%20order%20to%20conduct%20a%20meeting.%20Then%20it%20will%20stay%20that%20way%20and%20be%20completely%20useless%20as%20a%20conference%20phone%20for%20anyone%20else%20until%20an%20administrator%20can%20go%20and%20log%20the%20phone%20back%20out%20and%20log%20it%20back%20in%20with%20the%20proper%20conference%20room%20account.%20And%20it's%20not%20that%20the%20phone%20%22forgot%22%20the%20conference%20room%20credentials%20when%20it%20logged%20out.%20If%20you%20catch%20it%20before%20a%20user%20does%20and%20simply%20reboot%20the%20phone%2C%20it%20will%20usually%20log%20itself%20back%20in%20to%20it's%20proper%20account.%20The%20catch%20is%2C%20you%20have%20no%20way%20of%20ever%20knowing%2C%20without%20visual%20inspection%2C%20that%20the%20phone%20has%20even%20logged%20itself%20out.%20According%20to%20Teams%20admin%20center%2C%20the%20phone%20is%20logged%20in%20despite%20visually%20seeing%20the%20login%20screen%20on%20the%20phone%20itself.%3CBR%20%2F%3E%3CBR%20%2F%3EWe've%20also%20seen%20situations%20where%20phones%20never%20show%20up%20in%20Teams%20admin%20center%20despite%20being%20fully%20functional%20and%20we%20even%20have%20at%20least%20one%20or%20two%20right%20now%20that%20show%20%22offline%22%20in%20Teams%20admin%20center%20despite%20the%20phone%20being%20online%20and%20100%25%20functional.%20Even%20rebooting%20the%20phone%20hasn't%20made%20it%20start%20showing%20online%20again.%3CBR%20%2F%3E%3CBR%20%2F%3EThen%20we've%20had%20numerous%20phones%20that%20never%20get%20a%20dial-pad%20for%20making%20outbound%20calls.%20When%20you%20first%20provision%20an%20account%20for%20Teams%20enable%20enterprise%20voice%2C%20give%20it%20a%20line%20URI%2C%20dial%20plan%20and%20voice%20routing%20policy%2C%20it%20can%20take%20several%20hours%20before%20a%20dial-pad%20will%20eventually%20show%20up%20for%20that%20user.%20In%20some%20cases%2C%20it%20hasn't%20shown%20up%20after%20days%2Fweeks%20despite%20numerous%20reboots.%20The%20%22solution%22%20for%20that%20one%2C%20after%20having%20to%20open%20a%20case%2C%20seems%20to%20be%20going%20back%20and%20disabling%20and%20re-enabling%20enterprise%20voice%20on%20the%20account.%20Then%20after%20a%20few%20hours%2C%20the%20dial-pad%20usually%20eventually%20shows%20up.%20Unfortunately%2C%20I%20have%20at%20least%20one%20phone%20that%20I've%20done%20this%20a%20couple%20of%20times%20over%20the%20past%20week%20and%20it%20STILL%20has%20no%20dial-pad.%20I've%20not%20opened%20another%20case%20just%20yet%20because%20I'm%20simply%20too%20frustrated%20right%20now%20to%20do%20so%20for%20another%20Teams%20phone%20issue.%20And%20God%20knows%20how%20many%20of%20the%20hundreds%20of%20conference%20room%20phones%20deployed%20globally%20are%20actually%20missing%20their%20dial-pad%20right%20now.%20I%20have%20no%20way%20of%20knowing%20until%20it%20gets%20reported.%20I'm%20sure%20there%20are%20plenty%20for%20us%20that%20simply%20haven't%20been%20reported%20yet%20since%20thanks%20to%20COVID%2C%20our%20conference%20rooms%20aren't%20being%20heavily%20utilized%20just%20yet.%20Perhaps%20that's%20the%20one%20silver%20lining%20for%20us.%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20of%20all%20of%20those%20things%20aren't%20a%20big%20enough%20problem%2C%20there's%20the%20lack%20of%20ability%20to%20100%25%20remotely%20log%20a%20phone%20in.%20Recently%2C%20Microsoft%20added%20the%20%22remote%22%20provisioning%20feature.%20Apparently%20we%20have%20a%20different%20definition%20of%20%22remote%22%20though%20because%20for%20it%20to%20work%2C%20you%20have%20to%20give%20someone%20a%20code%20to%20punch%20in%20the%20screen%20of%20the%20phone%20before%20you%20as%20the%20administrator%20can%20then%20going%20into%20TAC%20and%20provide%20the%20credentials%20you'd%20like%20that%20phone%20to%20use.%20If%20there%20was%20truly%20an%20option%20for%20100%25%20remote%20login%20capability%2C%20then%20maybe%20the%20issue%20of%20phones%20logging%20out%20and%20not%20logging%20themselves%20back%20it%20would%20be%20a%20little%20less%20troublesome....but%20again%20that%20assumes%20you%20even%20know%20it's%20stuck%20at%20a%20login%20screen%20despite%20TAC%20showing%20is%20being%20logged%20in.%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20if%20you're%20going%20to%20do%20conference%20room%20and%20common%20area%20phones%2C%20you'll%20want%20to%20search%20for%20Jeff%20Schertz's%20blog%20posts%20about%20IP%20Phone%20Policy%20as%20it's%20not%20terribly%20well%20documented%20elsewhere.%20The%20policy%20setting%20is%20something%20that%20currently%20must%20be%20done%20via%20PowerShell%20and%20set%20on%20the%20account%20the%20phone%20will%20be%20logged%20in%20to.%20Along%20with%20the%20%22SignInMode%22%20option%2C%20you'll%20also%20want%20to%20look%20into%20%22hot%20desking%22%20which%20is%20enabled%20by%20default%20with%20a%202%20hour%20idle%20timeout.%20You'll%20want%20to%20either%20completely%20disable%20this%20feature%20for%20common%20area%20and%20conference%20room%20accounts%20or%20at%20least%20set%20the%20idle%20timeout%20to%20something%20more%20reasonable%20like%205-15min.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you're%20a%20small%20shop%20and%20can%20logistically%20physically%20%22babysit%22%20the%20phones%20easily%2C%20then%20maybe%20you'll%20be%20fine.%20If%20you're%20a%20global%20shop%2C%20best%20of%20luck%20to%20you.%20It's%20been%20a%20bit%20of%20a%20nightmare%20thus%20far.%20I've%20almost%20gone%20to%20the%20point%20of%20reverting%20the%20phones%20to%20Skype%20profile%20mode%20and%20just%20logging%20them%20in%20that%20way%20in%20hopes%20of%20greater%20stability%20for%20the%20time%20being....and%20that%20actually%20does%20work.%20However%2C%20then%20I'm%20left%20with%20hundreds%20of%20phones%20that%20at%20some%20point%20will%20have%20to%20be%20all%20physically%20touched%20again%20(due%20to%20lack%20of%20100%25%20remote%20login%20capability)%20to%20eventually%20convert%20them%20back%20to%20Teams%20native%20mode.%20The%20one%20touch%20meeting%20join%20experience%20is%20definitely%20nice%20but%20we%20had%20that%20with%20phones%20in%20Skype%20mode%20before%20already%20so%20that's%20nothing%20new%20just%20for%20Teams.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2539000%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2539000%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1030446%22%20target%3D%22_blank%22%3E%40BrandonJ365%3C%2FA%3E%26nbsp%3BThank%20you%20for%20taking%20time%20to%20add%20your%20detailed%20comment.%20A%20few%20things%3A%3C%2FP%3E%0A%3CP%3E1.%20For%20dialpad%20issues%2C%20please%20create%20a%20ticket%20and%20IM%20me%20the%20ticket%20number.%20I%20will%20help%20follow%20up%20with%20what%20is%20going%20on%20there.%20From%20our%20support%20tickets%2C%20I%20dont%20believe%20that%20this%20is%20a%20common%20occurrence.%20If%20it%20is%20frequent%2C%20this%20definitely%20warrants%20detailed%20investigations%20and%20we%20will%20look%20into%20it.%3C%2FP%3E%0A%3CP%3E2.%20As%20long%20as%20you%20are%20on%20the%20latest%20firmware%2Fapp%20versions%2C%20if%20your%20phone%20signs%20out%2C%20you%20can%20setup%20alerts%20to%20notify%20of%20a%20device%20that%20has%20signed%20out.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Falerts%2Fteams-admin-alerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Teams%20Monitoring%20and%20Alerting%20-%20Microsoft%20Teams%20%7C%20Microsoft%20Docs.%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E3.%20You%20are%20right%20that%20we%20require%20a%20verification%20code%20to%20be%20entered%20on%20the%20device%20for%20%3CSTRONG%3Eprovisioning%3C%2FSTRONG%3E.%20This%20is%20ONLY%20for%20first%20time%20deployment%20of%20devices%20and%20is%20a%20security%20requirement.%20Once%20this%20is%20done%2C%20all%20authentication%20can%20be%20done%20remotely.%20So%2C%20if%20previously%20signed%20in%20devices%20sign%20out%2C%20you%20can%20remotely%20sign%20in%20from%20TAC.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2539472%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2539472%22%20slang%3D%22en-US%22%3EI%20greatly%20appreciate%20your%20time%20in%20responding!%20For%20your%20points%3A%3CBR%20%2F%3E1.%20I%20will%20try%20to%20open%20another%20ticket%20on%20this%20as%20soon%20as%20I%20have%20the%20time%20and%20will%20send%20you%20the%20case%20%23%20at%20that%20point.%3CBR%20%2F%3E%3CBR%20%2F%3E2.%20I'll%20admin%20that%20I%20hadn't%20even%20seen%20the%20option%20for%20notifications%20so%20I%20appreciate%20you%20making%20me%20aware.%20However%2C%20I%20don't%20think%20that's%20going%20to%20work%20for%20this%20situation.%20At%20least%20in%20my%20version%20of%20the%20TAC%2C%20it%20appears%20that%20the%20only%20option%20here%20is%20for%20health%20status%20of%20%22offline%22.%20It's%20grayed%20out%20and%20thus%20doesn't%20seem%20I%20can%20change%20it%20to%20%22logged%20out%22.%20I%20also%20see%20that%20you%20must%20scope%20it%20to%20specific%20users%20which%20must%20be%20manually%20set.%20So%20I'm%20going%20to%20have%20to%20manually%20add%20hundreds%20of%20device%20user%20accounts%20to%20this%20list%20and%20keep%20up%20with%20that%20as%20more%20are%20added%3F%20That%20is%20not%20an%20Enterprise%20grade%20solution.%20Lastly%2C%20even%20if%20I%20could%20set%20the%20condition%20to%20monitor%20for%20a%20%22logged%20out%22%20situation%20AND%20I%20didn't%20have%20to%20manually%20maintain%20the%20user%20list%2C%20it%20still%20wouldn't%20help.%20As%20stated%20in%20my%20previous%20comments%2C%20as%20far%20as%20the%20TAC%20is%20concerned%2C%20it%20shows%20the%20phones%20to%20be%20logged%20in%20despite%20us%20looking%20directly%20at%20the%20phone%20and%20seeing%20it%20at%20a%20login%20screen.%20Again%2C%20if%20we%20power%20cycle%20it%2C%20it%20usually%20(but%20not%20always)%20will%20log%20right%20back%20in%20with%20it's%20proper%20original%20credentials.%20In%20a%20few%20cases%2C%20the%20phone%20had%20to%20be%20complete%20re-authed.%20The%20correct%20solution%20here%20is%20for%20the%20phone%20to%20attempt%20to%20re-auth%20with%20it's%20stored%20credentials.%20If%20it%20can%20do%20that%20after%20a%20power%20cycle%2C%20then%20why%20did%20it%20not%20keep%20retrying%20after%20whatever%20caused%20the%20%22logout%22%20to%20begin%20with%3F%20Btw%2C%20I%20had%20case%20open%20about%20this%20earlier%20in%20the%20year%20and%20the%20%22fix%22%20was%20for%20MS%20to%20disable%20the%20%22health%20reboots%22%20happening%20every%208%20hours%20of%20inactivity%20but%20was%20told%20it%20would%20be%20resolved%20in%20newer%20code.%20That%20was%20several%20versions%20ago%20and%20I%20don't%20know%20if%20whatever%20was%20done%20on%20our%20tenant%20to%20disable%20%22health%20reboots%22%20is%20still%20in%20place%20or%20not.%20That%20said%2C%20I%20can't%20say%20for%20sure%20if%20those%20health%20reboots%20are%20even%20causing%20this%20now%20like%20we%20saw%20before.%20For%20all%20I%20know...we%20could%20have%20had%20a%20network%20blip.%20Nonetheless%2C%20the%20phones%20should%20retry%20logging%20in...over%20and%20over.%3CBR%20%2F%3E%3CBR%20%2F%3E3.%20It's%20nice%20that%20if%20a%20phone%20truly%20is%20signed%20out%20as%20far%20as%20TAC%20sees%2C%20that%20it%20can%20be%20logged%20back%20in%20remotely.%20Unfortunately%20we%20don't%20necessarily%20know%20which%20account%20a%20specific%20phone%20should%20be%20using%20because%20we%20don't%20rename%20or%20tag%20the%20devices%20as%20they%20come%20online%2C%20again%2C%20because%20we%20simply%20have%20too%20many%20to%20do%20this%20and%20keep%20up%20with%20it%20manually%20and%20there%20doesn't%20seem%20to%20be%20a%20bulk%20way%20to%20do%20it.%20I%20have%20one%20phone%20right%20now%20that's%20fully%20logged%20out.%20When%20I%20try%20the%20remote%20sign-in%2C%20TAC%20does%20give%20me%20the%20%22most%20recent%20signed%20in%20user%22....cool.%20Unfortunately%2C%20this%20goes%20back%20to%20point%202%20where%20the%20phone%20at%20some%20point%20was%20left%20sitting%20at%20a%20login%20screen%20and%20a%20random%20user%20took%20it%20upon%20himself%20to%20log%20in%20with%20his%20own%20credentials.%20So%20basically%20we're%20stuck%20until%20someone%20at%20that%20site%20can%20determine%20which%20conference%20room%20this%20phone%20is%20in%20to%20know%20which%20account%20it%20should%20be%20signed%20in%20with.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546443%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546443%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1030446%22%20target%3D%22_blank%22%3E%40BrandonJ365%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20have%20the%20issue%20of%20phones%20showing%20as%20offline%20in%20the%20admin%20center%20even%20though%20they%20are%20working%20fine.%20Along%20with%20devices%20never%20showing%20up%20in%20the%20admin%20center.%20So%20with%202%20people%20reporting%20this%20issue%20its%20clearly%20a%20Microsoft%20issue.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20for%20the%20phones%20logging%20out%20we%20do%20get%20this%20but%20isn't%20common.%20However%20this%20remote%20provisioning%20is%20something%20I've%20never%20heard%20of%3F%20Is%20there%20a%20guide%20for%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20what%20is%20the%20best%2Fofficial%20way%20to%20report%20these%20issues%20as%20i%20have%20done%20so%20via%20azure%20portal%20%26amp%3B%20365%20portal%20with%20next%20to%20no%20success%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOverall%20i%20would%20say%20teams%20phones%20are%20very%20hit%20%26amp%3B%20miss%20possible%20not%20mature%20enough%20yet%20with%20information%20like%20the%20Intune%20bit%20scattered%20all%20over%20a%20number%20of%20MS%20articles%20which%20makes%20it%20hard.%20For%20example%20this%20mentions%20nothing%20of%20Intune%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fset-up-common-area-phones%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fset-up-common-area-phones%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELastly%20when%20setting%20up%20a%20new%20BNIB%20phone%20and%20your%20lucky%20enough%20to%20get%20the%20device%20to%20show%20up%20in%20TAC%20is%20it%20possible%20to%20patch%20to%20the%20last%20firmware%2Fapp%20in%20one%20go%3F%20its%20rather%20annoying%20when%20you%20have%20to%20repeat%20this%20step%20multi%20times%20as%20it%20goes%20up%20the%20versions%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2546461%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2546461%22%20slang%3D%22en-US%22%3EJeff%20Schertz%20has%20done%20a%20guide%20on%20remote%20provisioning.%20Generally%20speaking%2C%20he's%20the%20best%20source%20for%20useful%20information%3A%20%3CA%20href%3D%22https%3A%2F%2Fblog.schertz.name%2F2021%2F03%2Fprovisioning-teams-android-devices%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.schertz.name%2F2021%2F03%2Fprovisioning-teams-android-devices%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EMy%20account%20Team%20urges%20that%20the%20proper%20way%20to%20report%20these%20issues%20is%20to%20open%20cases.%20For%20some%20issues%2C%20that's%20not%20too%20much%20of%20an%20issue.%20For%20issues%20of%20phone%20logging%20out%2C%20it%20would%20be%20like%20finding%20a%20needle%20in%20a%20needle%20stack%20to%20catch%20one%20that%20it's%20happened%20to%20and%20actually%20get%20useful%20logs.%20At%20least%20on%20a%20Trio%20C60%2C%20the%20logs%20are%20rolling%20in%2024%20hours%20or%20less.%3CBR%20%2F%3E%3CBR%20%2F%3ERegarding%20your%20issue%20with%20pushing%20code%20from%20the%20TAC%2C%20yes%2C%20it's%20frustrating.....end%20of%20story.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2566617%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2566617%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3EThis%20is%20confusing%2C%20because%20there%20is%20nothing%20that%20states%20you%20must%20enroll%20a%20device%20into%20Intune%2C%20but%20everything%20in%20the%20support%20conversation%20has%20been%20that%20you%20%3CSTRONG%3Emust%3C%2FSTRONG%3E%20configure%20policies%20to%20enroll%20in%20Intune.%20In%20addition%2C%20this%20note%20that%20contradicts%20support%20and%20other%20items%20in%20this%20thread.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CUL%3E%3CLI%3EIf%20tenant%20admins%20want%20common%20area%20phones%20to%20be%20enrolled%20into%20Intune%2C%20they%20need%20to%20add%20an%20Intune%20license%20to%20the%20account%20and%20follow%20the%20steps%20for%20Intune%20enrollment.%3C%2FLI%3E%3CLI%3EIf%26nbsp%3Bthe%26nbsp%3Buser%26nbsp%3Baccount%26nbsp%3Bused%26nbsp%3Bto%26nbsp%3Bsign%26nbsp%3Binto%26nbsp%3Ba%26nbsp%3BTeams%26nbsp%3Bdevice%26nbsp%3Bisn't%26nbsp%3Blicensed%26nbsp%3Bfor%26nbsp%3BIntune%2C%20Intune%26nbsp%3Bcompliance%26nbsp%3Bpolicies%26nbsp%3Band%26nbsp%3Benrollment%26nbsp%3Brestrictions%26nbsp%3Bneed%26nbsp%3Bto%26nbsp%3Bbe%26nbsp%3Bdisabled%26nbsp%3Bfor%26nbsp%3Bthe%26nbsp%3Baccount.%3C%2FLI%3E%3C%2FUL%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3ESo%20can%20we%20get%20a%20clarification%3A%3C%2FP%3E%3CUL%3E%3CLI%3EWhy%20is%20Intune%20now%20required%20to%20manage%20devices%3F%3C%2FLI%3E%3CLI%3EWhy%20is%20it%20not%20required%20for%20CAP%20devices%3F%3C%2FLI%3E%3CLI%3EWhat%20if%20somebody%20isn't%20licensed%20for%20Intune%3F%3C%2FLI%3E%3CLI%3ENote%20above%20says%20you%20have%20to%20disable%20compliance%2Fenrollment%20in%20Intune%20options%20for%20the%20user%2C%20what%20if%20you're%20managing%205k%20users%3F%3C%2FLI%3E%3CLI%3EWhat%20is%20Intune%20doing%20for%20managing%20the%20devices%20that%20TAC%20isn't%20doing%3F%3C%2FLI%3E%3CLI%3EWhere%20is%20the%20documentation%20that%20states%20Intune%20%3CSTRONG%3Emust%3C%2FSTRONG%3E%20be%20used%2C%20when%20it%20wasn't%20a%20hard%20requirement%20before%3F%3C%2FLI%3E%3CLI%3EThis%20might%20be%20me%2C%20but%20I've%20seen%20this%20issue%20impact%20Tenants%20with%20external%20authentication%20(ADFS%2FDuo%2Fetc)%20versus%20those%20using%20Azure%2FOffice365.%20I%20can%20sign%20in%20my%20work%20account%20into%20a%20device%20with%20no%20Intune%20settings%20defined%2C%20first%20time%20every%20time.%20Signing%20into%20a%20customer%20Tenant%20that%20uses%20ADFS%20fails%20without%20those%20Intune%20settings.%26nbsp%3B%20Why%3F%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2566666%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2566666%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342739%22%20target%3D%22_blank%22%3E%40jangliss%3C%2FA%3E%20The%20key%20to%20all%20of%20the%20problems%20seems%20to%20center%20around%20if%20your%20Teams%20tenant%20is%20managed%2Fsecured%20by%20conditional%20access%20or%20not.%20Perhaps%20you%20aren't%20running%20conditional%20access%20but%20your%20customer%20is%3F%3CBR%20%2F%3E%3CBR%20%2F%3EBasically%2C%20if%20you%20are%20running%20CA%2C%20something%20besides%20just%20a%20username%20and%20password%20should%20be%20required%20to%20gain%20access%20to%20the%20protected%20resource.%20For%20example%2C%20you'd%20have%20to%20also%20be%20on%20a%20managed%20device%2C%20or%20coming%20from%20a%20managed%20network%2C%20or%20authenticated%20via%20MFA%2C%20etc.%20In%20the%20case%20of%20these%20phones%2C%20they%20are%20saying%20they%20must%20be%20InTune%20managed%20to%20be%20admitted%20by%20conditional%20access.%20As%20it%20turns%20out%2C%20there%20was%20a%20bug%20(security%20hole)%20for%20let's%20call%20it%2015%20months%20that%20was%20allowing%20these%20phones%20to%20authenticate%20to%20Teams%20despite%20never%20successfully%20%22passing%20the%20conditional%20access%20test%22%20of%20InTune.%20Microsoft%20found%20and%20fixed%20that%20bug%20so%20now%20either%20you%20must%20license%20all%20accounts%20that%20will%20login%20to%20Teams%20phones%20and%20allow%20enrollment%20into%20InTune%20or%20disable%20conditional%20access%20for%20your%20Teams%20tenant.%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20far%20as%20what%20InTune%20is%20doing%20to%20manage%20these%20devices....basically%20nothing.%20In%20fact%2C%20the%20phones%20really%20don't%20seem%20to%20play%20smoothly%20with%20InTune%20anyway.%20We%20have%20nearly%20300%20phones%20online%20now%20as%20seen%20by%20TAC.%20Somehow%20only%20just%20over%20200%20are%20showing%20to%20be%20enrolled%20in%20InTune%20and%20only%20just%20over%20half%20of%20them%20show%20as%20%22compliant%22%20despite%20them%20being%20identical%20devices%20with%20the%20same%20single%20policy%20applied%20to%20all.%20And%20most%20don't%20seem%20to%20check-in%20on%20the%20regular%20basis%20that%20an%20InTune%20enrolled%20device%20should.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2567329%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2567329%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1030446%22%20target%3D%22_blank%22%3E%40BrandonJ365%3C%2FA%3ESo%20that's%20the%20clearest%20it%20has%20been%20explained%20so%20far%2C%20thank%20you....%20But...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20tenant%2C%20the%20one%20that%20is%20working%2C%20has%20CA%20requiring%20MFA%20for%20new%20devices%2C%20and%20every%2030%20days.%20I%20don't%20use%20ADFS%2FDuo%2Fetc.%20Some%20of%20the%20customers%20that%20are%20seeing%20the%20issue%20do%20not%20have%20CA%2C%20but%20the%20common%20thread%20is%20that%20they%20are%20using%20ADFS%2FDuo%2Fetc.%26nbsp%3B%20Basically%20the%20issue%20is%20occurring%20inverse%20to%20what%20you%20said%20should%20be%20happening.%20%3CEM%3EI%3C%2FEM%3E%20should%20have%20to%20put%20the%20device%20policies%20in%20place%20in%20my%20tenant%20because%20I%20have%20CA%20MFAs%2C%20where%20as%20my%20customers%20shouldn't%20have%20to%2C%20unless%20they%20also%20have%20CA.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20understanding%20as%20well%2C%20the%20CA%20in%20Intune%20is%20the%20same%20as%20in%20Azure%20AD.%20CA%20applies%20across%20the%20board%2C%20and%20that%20CA%20is%20actually%20licensed%20under%20Azure%20AD%20Premium%20(P1%2FP2)%2C%20not%20Intune.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMaybe%20I'm%20missing%20something%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2574856%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2574856%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342739%22%20target%3D%22_blank%22%3E%40jangliss%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1030446%22%20target%3D%22_blank%22%3E%40BrandonJ365%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20can%20anyone%20actually%20say%20they%20have%20this%20working%20correctly%20and%20be%20confident%20with%20the%20system%20as%20im%20pulling%20my%20hair%20out%20with%20this%20now.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20a%20user%20signs%20in%20with%20a%20CAP%20license%20all%20is%20fine%2C%20Its%20up%20to%20the%20point%20someone%20signs%20in%20with%20higher%20license%20which%20includes%20intune.%20The%20device%20tries%20to%20register%20into%20endpoint%20but%20fails.%20At%20this%20point%20the%20phone%20is%20rendered%20a%20paper%20weight%2C%20No%20one%20either%20with%20or%20without%20a%20intune%20license%20can%20sign%20in.%20Either%20fails%20and%20loops%20round%20or%20signs%20in%20as%20%22Unknown%20User%22%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20only%20have%20one%20CA%20for%20MFA%2C%20Ive%20added%20the%20Enrolment%20restriction%20mentioned%20in%20the%20fix%20for%20this%20forum.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIdeally%20i%20want%20any%20user%20CAP%20or%20higher%20to%20be%20able%20to%20sign%20in%20with%20no%20issues%20and%20the%20device%20not%20to%20enrol%20into%20intune%3F%20Is%20this%20even%20possible%20now%20as%20the%20public%20MS%20information%20is%20very%20conflicting%2C%20had%20no%20issues%20up%20until%20this%20update.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63915%22%20target%3D%22_blank%22%3E%40Kruthika%20Ponnusamy%3C%2FA%3E%26nbsp%3Bprovide%20a%20list%20of%20everything%20thats%20needed%20to%20be%20in%20place%3F%20This%20would%20make%20life%20alot%20easier%20for%20all.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2575001%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2575001%22%20slang%3D%22en-US%22%3E%3CP%3ENot%20sure%20why%20you%20would%20let%20a%20user%20sign%20in%20with%20a%20CAP%20license.%20We%20have%20created%20dedicated%20accounts%20for%20the%20Common%20Area%20Phones.%20To%20prevent%20the%20logon%20issue%20happening%20we%20are%20using%20AAD%20(cloud%20only)%20accounts%20for%20the%20CAP%20devices.%20This%20also%20takes%20away%20the%20need%20to%20enroll%20into%20Intune%2C%20at%20least%20in%20our%20case.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20want%20the%20device%20to%20enroll%20into%20Intune%20you%20need%20to%20enable%20the%20Android%20Device%20Administrator%20option%20for%20personal%20or%20corporate%20devices.%20We%20are%20using%20the%20corporate%20device%20option%20here%20which%20does%20have%20then%20the%20requirement%20to%20register%20the%20phone's%20serial%20number%20as%20corporate%20identifier%20in%20Intune.%20We%20are%20using%20this%20scenario%20for%20normal%20User%20phone's%20and%20our%20users%20have%20the%20full%20Intune%20license.%3CBR%20%2F%3E%3CBR%20%2F%3EBoth%20setups%20work%20fine%20for%20us.%20But%20you%20are%20right%20that%20Microsoft%20needs%20to%20come%20up%20with%20clear%20documentation%20on%20this%20topic.%20We%20also%20still%20have%20an%20open%20ticket%20with%20them%20on%20this%20topic.%3CBR%20%2F%3E%3CBR%20%2F%3ERegards%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2575052%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2575052%22%20slang%3D%22en-US%22%3EWe%20have%20a%20mix.%20Some%20phones%20will%20sign%20in%20as%20a%20CAP%20user%20and%20that%20will%20be%20it%20for%20the%20rest%20of%20the%20phones%20life.%20However%20in%20some%20of%20our%20areas%20these%20will%20get%20signed%20out%20and%20a%20normal%20user%20will%20sign%20in.%20Once%20this%20happens%20it%20renders%20the%20phone%20useless.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2575080%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2575080%22%20slang%3D%22en-US%22%3EHi%2C%20yes%20this%20is%20behavior%20I%20have%20seen%20before.%20When%20we%20re-use%20a%20CAP%20phone%20to%20be%20used%20as%20normal%20User%20phone%20we%20perform%20a%20factory%20reset%20first.%3CBR%20%2F%3EThis%20should%20prevent%20the%20issue%20you%20are%20describing.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2581672%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2581672%22%20slang%3D%22en-US%22%3EWe%20have%20recently%20published%20tenant%20admin%20documentation.%20The%20questions%20you%20are%20asking%20are%20addressed%20in%20either%20of%20these%202%20links.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fdevices%2Fphones-displays-deploy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fdevices%2Fphones-displays-deploy%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fitadmin-readiness%23teams-android-devices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fitadmin-readiness%23teams-android-devices%3C%2FA%3E%20%3CBR%20%2F%3E%3CBR%20%2F%3EAt%20a%20high%20level%3A%3CBR%20%2F%3E1.%20if%20you%20have%20(intune%20license%20%2B%20device%20management%20policies%20setup%20for%20the%20account%20used%20to%20sign%20into%20the%20Teams%20phone)%2C%20there%20are%20certain%20requirements%20you%20have%20to%20meet%20w.r.t%20endpoint%20management.%20This%20is%20covered%20in%20the%20links%20above.%3CBR%20%2F%3E2.%20If%20you%20dont%20have%20intune%20license%2C%20make%20sure%20that%20Intune%20CA%20policies%20are%20disabled%20for%20the%20account.%3CBR%20%2F%3E3.%20If%20you%20have%20CAP%20license%2C%20Intune%20license%20is%20an%20add-on.%20See%20%232%20above.%3CBR%20%2F%3E4.%20Device%20management%20via%20Teams%20Admin%20Center%20does%20not%20provide%20endpoint%20management.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594047%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594047%22%20slang%3D%22en-US%22%3EInteresting%20how%20discussion%20came%20to%20the%20different%20flow.%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20my%20microsoft%20ticket%20engineer%20confirmed%20a%20bug%20regarding%20the%20behavior%20when%20device%20is%20freezing%2Flogging-out%20etc.%20with%20new%20Teams%20agent.%3CBR%20%2F%3EAnd%20there%20should%20be%20released%20new%20firmware%20at%20least%20for%20Yealink%20devices.%3CBR%20%2F%3EHope%20will%20be%20the%20same%20for%20Polycom.%3CBR%20%2F%3E%3CBR%20%2F%3ERegarding%20CAP%20license%20I%20don't%20really%20get%20the%20point.%3CBR%20%2F%3EYou%20don't%20need%20to%20use%20Intune%20enrollment%20for%20it.%3CBR%20%2F%3ECAP%20licensed%20account%20can%20normally%20login%20via%20%22sign-in%20from%20another%20device%22%20or%20if%20you%20setup%20some%20CA%20policy%20like%20IP%20based%20access%20you%20can%20access%20via%20user%2Fpassword%20from%20the%20phone.%3CBR%20%2F%3EI%20don't%20see%20any%20real%20reason%20to%20add%20Intune%20license%20for%20such%20accounts.%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20better%20to%20use%20the%20same%20way%20for%20Audio%20Conference%20devices%20(with%20Meeting%20room%20licenses)%20because%20Intune%20is%20buggy%20and%20devices%20sometimes%20freezes.%3CBR%20%2F%3EI'm%20not%20talking%20about%20incidents%20when%20Intune%20degradation%20caused%20almost%20150%2B%20phones%20in%20my%20company%20becomes%20unusable%20(user%20phones%20as%20well).%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20user%20phones%20it's%20quite%20clear.%20You%20cannot%20login%20user%20without%20proper%20CA%20and%20Intune%20policy%20combination.%3CBR%20%2F%3E%3CBR%20%2F%3EAnyway%20we%20will%20wait%20for%20a%20fix%20from%20microsoft.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594068%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594068%22%20slang%3D%22en-US%22%3EVery%20interesting.%20I've%20been%20%22screaming%22%20about%20logout%20issues%20for%20a%20long%20time%20now%20and%20have%20yet%20to%20be%20given%20any%20indication%20that%20anyone%20else%20has%20had%20those%20issues%2C%20any%20code%20fixes%2C%20or%20anything!%20I%20have%20been%20told%20that%20we%20aren't%20the%20only%20ones%20with%20the%20new%20InTune%20enrolled%20devices%20NOT%20checking%20in%20daily%20like%20they%20should.%20I%20tend%20to%20believe%20this%20is%20related%20to%20the%20logout%20issues%20but%20can't%20say%20for%20sure.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594076%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594076%22%20slang%3D%22en-US%22%3ESame%20for%20us.%20I%20still%20have%20an%20open%20ticket%20with%20MS%20and%20they%20keep%20asking%20me%20to%20reproduce%20the%20issue%20and%20send%20logs.%20But%20no%20confirmation%20the%20issue%20is%20on%20their%20Teams%20client.%20So%20it%20is%20good%20that%20finally%20someone%20within%20MS%20is%20acknowledging%20this.%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20the%20User%20devices%20we%20do%20use%20the%20Intune%20enrollment%20with%20Device%20Administrator%20which%20prevents%20(at%20least%20for%20us)%20the%20logon%20loop%20issue.%20We%20have%20not%20seen%20any%20issues%20on%20the%20phones%20coming%20from%20Intune%20management%20so%20don't%20really%20understand%20what%20happened%20in%20your%20case.%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20CAP's%20we%20are%20using%20AAD%20accounts%20bypassing%20the%20ADFS%20authentication%20and%20the%20need%20to%20add%20an%20Intune%20license.%20This%20works%20well%20for%20us.%20(So%20far)%3CBR%20%2F%3E%3CBR%20%2F%3EBut%20it%20is%20interesting%20to%20see%20if%20the%20new%20Teams%20client%20for%20Yealink%20devices%20will%20remediate%20the%20need%20to%20enroll%20devices%20into%20Intune.%20Because%20I%20agree%20that%20for%20the%20IP%20phones%20their%20is%20no%20real%20added%20value%20to%20have%20them%20enrolled.%20The%20TAC%20management%20is%20fine%20for%20us.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594079%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594079%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1030446%22%20target%3D%22_blank%22%3E%40BrandonJ365%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20funny%20you%20mention%20logout%20issues%20because%20that's%20come%20up%20with%20a%20couple%20of%20my%20customers%20recently%20too%20since%20this%20firmware%20updates.%26nbsp%3B%20I%20suspect%20it's%20tied%20to%20Intune%20as%20well.%26nbsp%3B%20An%20issue%20discussed%20on%20a%20Poly%20partner%20call%20yesterday%20was%20the%20same%20device%20registering%20multiple%20times%20under%20a%20single%20account%2C%20causing%20the%20account%20to%20run%20into%20the%20max%20device%20limitations%2C%20we've%20seen%20that%20with%20a%20few%20customers%20as%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe've%20been%20testing%20the%20registration%20exception%20with%20a%20number%20of%20folks%20to%20see%20the%20impact.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2594896%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2594896%22%20slang%3D%22en-US%22%3ESo%20a%20new%20firmware%20version%20just%20showed%20up%20this%20morning%20for%20our%20C60s....v7.0.3.0517.%20I%20can't%20find%20much%20detail%20about%20what%20it%20should%20fix%20(or%20break).%20I%20did%20find%20this%20but%20doesn't%20say%20much%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport2.polycom.com%2Fcontent%2Fdam%2Fpolycom-support%2Fproducts%2Fvoice%2Frealpresence-trio%2Frelease-notes%2Fen%2Fpoly-trio-c60-7-0-3c-rn.pdf%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport2.polycom.com%2Fcontent%2Fdam%2Fpolycom-support%2Fproducts%2Fvoice%2Frealpresence-trio%2Frelease-notes%2Fen%2Fpoly-trio-c60-7-0-3c-rn.pdf%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2596031%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2596031%22%20slang%3D%22en-US%22%3EWhat%20about%20companies%20who%20do%20not%20use%20Intune%20or%20do%20not%20want%20to%20use%20Intune%20for%20the%20IP%20phone%20management%3F%20Is%20there%20a%20solution%20that%20Microsoft%20can%20offer%20for%20these%20use%20cases%3F%3CBR%20%2F%3EI%20like%20to%20compare%20it%20to%20the%20Teams%20Meeting%20Room%20Devices%20where%20you%20have%20no%20need%20for%20Intune%20enrollment.%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2611508%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2611508%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342739%22%20target%3D%22_blank%22%3E%40jangliss%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20this%20registration%20exception%20you%20mentioned%3F%26nbsp%3B%20I'm%20testing%20out%20six%20different%20Yealink%20phones%20and%20have%20hit%20the%20InTune%20device%20limit%20by%20logging%20on%20and%20off%20the%20same%20devices%20too%20many%20times.%26nbsp%3B%20I'm%20assuming%20if%20a%20user%20were%20to%20log%20in%20and%20out%20of%20their%20desk%20phone%20more%20than%2015%20times%20they%20will%20hit%20the%20limit%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2611761%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2611761%22%20slang%3D%22en-US%22%3EAgreed.%20InTune%20seems%20to%20just%20foul%20things%20up.%20Even%20with%20devices%20added%20with%20a%20corporate%20identifier%20InTune%20feels%20the%20need%20to%20intervene%20and%20declare%20the%20device%20as%20new%20and%20count%20it%20towards%20a%20user's%20device%20limit%20that%20can't%20be%20raised%20beyond%2015.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2758408%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2758408%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342739%22%20target%3D%22_blank%22%3E%40jangliss%3C%2FA%3ESuper%20surprised%20this%20hasn't%20been%20answered%20yet%20but%20the%20simplest%20resolution%20I've%20found%20for%20this%20is%20the%20following%3A%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20Endpoint%20Manager%2C%20Navigate%20to%20Devices%2FEnroll%20Devices%2FEnrollment%20Restrictions%2FDevice%20type%20restrictions%2C%20make%20sure%20the%20Android%20Enterprise%20and%20Android%20DA%20are%20set%20to%20allow%20but%20leave%20personally%20owned%20set%20to%20blocked%20(or%20whatever%20choice%20is%20desired%20here).%3CBR%20%2F%3E%3CBR%20%2F%3EThen%20navigate%20to%20Devices%2FEnroll%20Devices%2FCorporate%20device%20identifiers%2C%20here%20you%20will%20want%20to%20add%20the%20serial%20number%20(not%20mac)%20of%20the%20devices%20being%20used.%3CBR%20%2F%3E%3CBR%20%2F%3EUnfortunately%2C%20M%24%20has%20not%20provided%20a%20way%20for%20intune%20to%20differentiate%20IP%20phones%20from%20%22personally%20owned%22%20devices%20(or%20provide%20an%20actual%20administration%20console%20for%20them)%20however%2C%20shout%20out%20to%20Eric%20O%20for%20pointing%20me%20in%20this%20direction.%20It%20took%20a%20lot%20of%20hours%20to%20figure%20it%20out%20but%20by%20adding%20the%20corporate%20ID%2C%20these%20devices%20bypass%20any%20enrollment%20restrictions%20imposed%20on%20personal%20devices.%20Ultimately%2C%20i%20would%20still%20suggest%20the%20CA%20policies%20for%20the%20individual%20model%20of%20phone%20in%20AAD%20to%20reduce%20the%20number%20of%20%22false%20positives%22%20for%20compliance%20issues%20in%20intune%20but%20if%20your%20not%20using%20it%20to%20manage%20other%20devices%2C%20this%20isnt%20a%20necessary%20step.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIMO%2C%20the%20InTune%20team%20should%20figure%20out%20a%20way%20to%20mark%20all%20of%20the%20certified%20teams%20phones%20as%20corporate%20by%20default%2C%20should%20be%20pretty%20easy%20by%20manufacturer%2Fmodel...%20im%20pretty%20sure%20no%20one%20has%20bought%20one%20of%20them%20for%20personal%20use.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2760810%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2760810%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1158410%22%20target%3D%22_blank%22%3E%40kylecombs%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3EThen%20navigate%20to%20Devices%2FEnroll%20Devices%2FCorporate%20device%20identifiers%2C%20here%20you%20will%20want%20to%20add%20the%20serial%20number%20(not%20mac)%20of%20the%20devices%20being%20used.%3CBR%20%2F%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3EThis%20is%20a%20nice%20way%20of%20handling%20it%2C%20versus%20adding%20policies%20to%20block%20registrations%20for%20all%20android%20enterprise%20devices%2C%20which%20was%20Microsoft's%20recommendation.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2801881%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2801881%22%20slang%3D%22en-US%22%3EThis%20solution%20was%20already%20put%20in%20this%20thread%20by%20me.%20The%20point%20here%20is%20that%20using%20Intune%20is%20a%20workaround%20for%20the%20root%20issue.%20The%20logon%20loop%20when%20not%20using%20Intune%20is%20the%20real%20issue%20here.%20In%20fact%20when%20we%20started%20with%20the%20IP%20phones%20in%202020%20there%20was%20no%20need%20to%20use%20Intune%20to%20connect%20the%20IP%20phones%20to%20the%20Teams%20Admin%20Center.%3CBR%20%2F%3EIt%20was%20after%20an%20update%20of%20the%20Teams%20app%20that%20this%20issue%20started%20happening.%20I%20have%20been%20in%20a%20ticket%20about%20this%20issue%20with%20Microsoft%20since%20May%20of%20this%20year%20and%20there%20statements%20about%20the%20solution%20have%20changed%20a%20couple%20of%20times.%3CBR%20%2F%3ETo%20me%20Microsoft%20does%20not%20want%20to%20admit%20they%20caused%20the%20issue%20in%20the%20first%20place.%20Our%20company%20want%20to%20manage%20the%20IP%20phones%20just%20like%20we%20manage%20other%20Teams%20Devices%20by%20just%20connecting%20them%20to%20the%20Teams%20Admin%20center.%20And%20not%20Intune%2C%20because%20that%20does%20not%20give%20an%20added%20value.%3CBR%20%2F%3E%3CBR%20%2F%3EBy%20they%20way%20this%20issue%20does%20not%20occur%20if%20you%20use%20AAD%20user%20accounts%20for%20the%20IP%20phones....%3CBR%20%2F%3EMy%20ticket%20with%20Microsoft%20will%20remain%20open%20until%20the%20fix%20it.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2821125%22%20slang%3D%22en-US%22%3ERe%3A%20Teams%20Phone%20device%20refuse%20login%20with%201449%2F1.0.94.2021033002%20firmware%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2821125%22%20slang%3D%22en-US%22%3E%3CP%3EWell%20in%20your%20case%20it%20at%20least%20works.%3CBR%20%2F%3EFor%20us%20Intune%20doesn't%20help%20at%20all%20as%20device%20is%20not%20able%20to%20register%20in%20it.%3CBR%20%2F%3EIt%20freezes%20or%20dropping%20on%20the%20registration%20stage%20(both%20poly%20and%20yealink).%3CBR%20%2F%3EAnd%20we've%20also%20noted%20that%20Android%20MTRs%20like%20Poly%20Studio%20or%20Logi%20Mini%20Bar%20are%20also%20affected%20as%20they''re%20most%20probably%20using%20the%20same%20kind%20of%20Teams%20Agent.%3CBR%20%2F%3EUsing%20previous%20version%20of%20firmware%20solves%20the%20issue.%3CBR%20%2F%3EDisappointing%20situation.%3CBR%20%2F%3EWe'll%20see%20what%20happens%20after%20promised%20fix%20by%20Microsoft.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Has anybody been using ADFS with Teams noticed an issue with the last two firmware updates, when performing logins off-network?

 

I have a customer running Yealink MP56 phones and the latest firmware 122.15.0.36 running Teams App 1449/1.0.94.2021022403 or 1449/1.0.94.2021033002 can no longer login using either the device login code or typing user/pass. The login seems to get stuck in a loop between device registration and preparing the device.

 

I suspect this is partially to do with the ADFS configuration not using UPN for authentication, but this wasn't an issue prior to 1449/1.0.94.2021022403.

77 Replies
I'm having the same issue with a Yealink T55A. Once the update was completed, the phone will not receive a device code for provisioning.
Same issue here. Yealink MP54 and AudiocodesC450HD.
Are you able to open a support ticket with Microsoft? Can you send me the ticket number as a message you've opened it?
Don't know if this helps anyone, but I opened tickets with Microsoft Teams support, Azure support, and Yealink. So far, everyone is saying it's someone else's issue. This has been going on for about 9 days.
It would be helpful if you can send me a message with the Microsoft Teams ticket details. I am a PM in the team, and would like to see this ticket.
DM sent with ticket number. I did speak with a contact at Yealink yesterday and they suggested a possible issue with device count limits, but I realized this morning I'm trying to login to the same device I already have registered under the tenant so it shouldn't (in theory) be that.

Rolling back to an earlier firmware and Teams app from last year seems to resolve the issue. Upgrading again breaks it.
I sent the ticket information in a DM. The ticket with Azure was closed because it was a 'duplicate' ticket. Yealink also said it may be a problem with too many devices for the user, but only one is assigned and I have set my company limit to 20, so that should not be an issue. I am going to try to downgrade it today, similar to what jangliss did, to see if my problem is fixed.

@Jacob_B 

 

I am assuming you are using ADFS? Did Microsoft gather the ADFS logs from your failed attempts? I'm working on gathering those myself.

 

I've gone back and done additional testing and it doesn't appear to be limited to a particular vendor. I've tested with Poly CCX 400, CCX 500, and CCX 700, AudioCodes HD450, Yealink T56A, T58A, and MP56.  It's after deploying the February update which appears to be bundled with most of the latest firmwares from the vendors, things break.  Going to roll back a few firmware and do additional testing to verify.

If possible, could you send this ticket information to me as well? I am deploying an MP56 with the same firmware/Teams version, and the same problem.

Also, to confirm, are you seeing the "Oops, you can't access this right now." error when attempting to login?
I was not able to find any failed logins in any of the Microsoft cloud services, it's like the device is not connecting or seeing Microsoft at all. I checked my firewall to verify that no ports needed to access and run Teams are being blocked. Downgrading did not help, so no luck there. I sent a video of the issue to Microsoft today for them to view the problem that I am running into.
FYI - the phone is not saving the time settings when it's rebooted which may be part of the problem.
I originally opened this thinking it might have been ADFS related, but also seeing this across tenants not using ADFS. This seems like a big issue!
We are having the same issue with Poly C60 conference room phones once updated to firmware 7.0.2.1071. This firmware comes with Teams App 1449/1.0.94.2021022403 and we get the same login loop. I've tried updating to Teams App 1449/1.0.94.2021033002 but problem persists. I have tried both the original web login method as well as the new remote provision/login method and both result in the same login loop.

If I roll the firmware back to 5.9.5.3153 and Teams App 1449/1.0.94.2020121001, I can web login the phone again without issue. I can then fully upgrade the phone's firmware and Teams App version to latest and the phone will stay logged in. However, if I log it out, I can't log it back in as it gets stuck in the same loop.
The biggest issue of all is that there's no way to stop these phones from automatically getting the update eventually! Deferring for 90 days is the best we can do and that's a very manual process to have to set each and every phone as they come in. Imagine how rough it's going to be when you have hundreds of phones!
Has anyone found a real solution to this issue? I am about to start rolling back firmware but was hoping someone has an answer.
I've not heard anything back on our open Microsoft support ticket but the more people that open tickets, the more visibility this is going to get for quicker resolution.
I'd definitely agree. Open tickets if you haven't already. I've not heard anything from support on my ticket other than "sorry for the delay, we're waiting to hear back from engineering".