Great session as always! Big fan of the channel
Thanks Michel! I appreciate your support.
Great tutorial Michael. Always a pleasure to watch your videos!
Thanks!
great info, hard to find it somewhere else
thanks a lot!
The first time I worked with Yealink CP900 series conference phones I just signed in and everything worked. Just had to create the users and Teams licensing. When we moved in September to our new corporate location (all new network and firewall), we ran into this issue with signing in, Company Portal loop. A colleague had been assigned the conference room set-up task. We had a temp suite with SOHO internet gateway and I suggested that he take one of the newer MP54 huddle-room phones there to test. Worked immediately. So this would tend to point to the firewall rather than compliance (as I have the slider over to if no policy, mark as compliant for now). But issue remains. I will work on this after the Christmas holiday and report back. This is the first useful documentation I have found in my part-time searches trying to find an answer to this behavior.
Thanks for another great video. You do an amazing job educating us.
Thanks!
Really great video. However, the approach was slightly different to your first video some months ago. Anyhow, I guess, I got it by now.
Hi Mike, great stuff! I do have a question. For Enrollment Device Platform Restrictions, if I were to create a restriction specific to Teams Calling Devices, do I simply Block both settings for the Default restriction for Android Device Administrator? I don't see a way to remove that Platform otherwise. Struggling just a little trying to understand the best way for all the policies to stand on their own and peel them out of our current collective policies.
What do I do if I wanted to prevent Intune enrollment for Teams devices?
Remove the Intune app from the user's (resource account) license in M365 Admin Center. This link shows how to do it for PowerApps. Just pick Intune instead of PowerApps.
learn.microsoft.com/en-us/power-platform/admin/signup-question-and-answer#steps-to-remove-power-apps-licenses-from-users
Without an Intune license, Intune will not be used. However, make sure your Conditional Access policy isn't checking for a compliant device. That setting requires Intune to determine if the device is compliant. Without an Intune license, you can't check for compliance, and the sign in will be blocked.
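The license change described in the reply above, sketched with the Microsoft Graph PowerShell SDK as an added example (not code from the video or the commenters). The account name is a placeholder, and the `INTUNE_A` plan name is an assumption about which Intune service plan the assigned license contains.

```powershell
# Added example. Requires the Microsoft Graph PowerShell SDK.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All', 'Policy.Read.All'

$upn      = 'confroom01@contoso.example'   # placeholder resource account
$planName = 'INTUNE_A'                     # assumed Intune service plan name; check your SKU

$user = Get-MgUser -UserId $upn -Property Id, AssignedLicenses
$skus = Get-MgSubscribedSku

foreach ($lic in $user.AssignedLicenses) {
    $sku    = $skus | Where-Object SkuId -eq $lic.SkuId
    $intune = @($sku.ServicePlans | Where-Object ServicePlanName -eq $planName)
    if ($intune.Count -eq 0) { continue }   # this license carries no Intune plan

    # Keep plans that are already disabled and add the Intune plan to the list.
    $already  = @($lic.DisabledPlans | Where-Object { $_ })
    $disabled = $already + @($intune.ServicePlanId) | Select-Object -Unique

    # Re-assigning the same SKU with DisabledPlans switches off only those plans.
    # Directly assigned licenses only; group-based assignments are changed on the group.
    Set-MgUserLicense -UserId $user.Id -RemoveLicenses @() -AddLicenses @(
        @{ SkuId = $lic.SkuId; DisabledPlans = $disabled }
    ) | Out-Null
    '{0}: disabled {1}' -f $sku.SkuPartNumber, $planName
}

# The caveat from the reply: list enabled Conditional Access policies that
# require a compliant device. An account without Intune cannot satisfy them.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object {
        $_.State -eq 'enabled' -and
        $_.GrantControls.BuiltInControls -contains 'compliantDevice'
    } |
    Select-Object DisplayName, Id
```

Any policy the last command returns needs the resource account or its devices excluded before the Intune plan is disabled.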
Just came across this as I am having a nightmare trying to get Teams devices signed in. I've followed this set up - I have only 1 Conditional Access policy set up and I've filtered based on our Yealink devices. It doesn't matter what I do, these devices refuse to sign in. I get "couldn't connect to workplace join". I need to sort this as this is a pilot prior to us rolling out Teams Voice!
Couldn't connect to Workplace Join implies it's an Azure AD issue. 1. Can you block the Conditional Access policy from firing for the device? Go to endpoint.microsoft.com, click on Users, then Sign-in logs. The logs might tell you where it is tripping up for that account.
Go to Endpoint Security/Conditional Access/Policies/What if. Enter the relevant information and make sure you are hitting the Conditional Access Policy you are intending to hit.
@flinchbot Thanks for the reply! CA all is fine, the group I have correctly excludes it. I'm thinking it's more to do with Authentication as entering any account results in Company Portal spinning with an eventual "Couldnt connect to workplace join"
Awesome video, I learnt a lot