A common scenario you may face when rolling out Teams Phones (such as the Poly CCX400, or Yealink T-56A) or Teams collaboration bars (like the Poly X30/X50 with the TC8 touch screen) is a failure to register the device with Intune.
Worse still, if you have a conditional access policy set within Azure AD to block non-compliant devices from signing in to Office 365, your handset won’t be able to sign in to Teams.
What Causes Intune Enrollment Issues?
There’s a few key things that can cause enrollment issues with your Teams Phones. Let’s take a look at each of them
To enroll your Teams Phones in Intune, the account that signs in to to phone must be licensed with an Intune license. Be sure to check the users assigned licensing in the Office 365 portal, and ensure Microsoft Intune is ticked under Apps
Device Administrator Privileges
Ensure you have device administrator enabled to manage Android devices.
You’ll find this within Intune under Devices > Enroll Devices > Android Enrollment > Personal and corporate-owned devices with device administrator privileges
You may have enabled enrollment restrictions within your environment to block users from enrolling non-corporate devices (like their personal android device). This policy will also catch your Teams Phones too.
You’ll find this under Devices > Enroll Devices > Enrollment Restrictions
If you do have enrollment restrictions turned on for personal android devices, you’ll need to add each Teams Phones’ Mac address under Devices > Enroll Devices > Corporate device identifiers
A note about Poly’s TC8
There’s a known issue with Poly’s TC8 where the device does not present the devices serial number to Intune. This causes enrollment failures where even if the TC8 serial number is entered into the corporate Device Identifiers list in Intune, the device will fail to be recognised as a corp device, and will instead be recognised as a personal device.
Poly have a work-around for that here: Solved: Poly TC8 and Teams – Poly Community
Waiting enough time between changes
Be sure to wait at least 15 minutes between making a change within the Intune or Office 365 portal, and then testing the change on your Teams Phone device. Changes do take time to replicate within the back end, so remember to be patient!
Thanks for this great post.
However does one really have to enter the MAC address and not the serial no.under the corporate identifiers?
Serial number will work
Craig, you have just saved me so much headache!! thanks so much! This resolved enrollment issues with some collabOS meetings devices I had.
Does a Microsoft Teams Rooms license take care of the licensing requirements? We have a strange situation where we set up a device successfully with one account that had a Rooms license assigned. We later moved the device so we assigned it a new account with a teams rooms license. We can’t sign in with the new account because it says Intune enrollment failed. We never saw the device in Intune before with the successful account.
The Teams Room standard license includes an Intune license. Is this for an Android-based MTR? Ensure your intune enrollment policy allows it to enroll.
Hi! I am very new to the concept of enrolling Teams hard phones into Intune, apologies for the very basic question. Outside of the prerequisites you shared, what is the actual process on the phone? Does the company portal app get installed on the phone itself and then you enroll by logging into the app?
Not a basic question! 🙂
The phone has the company portal and team app installed on it. When you sign in to the phone, in contacts Azure AD, Intune (to enroll) and then Teams to sign in.
Thanks! Yes, I have now over the past few days become much more familiar.
I’m now understanding all the factors involved like Intune, Conditional access, and NTP/DHCP.
One last thing is hanging me up, I need to add a trusted root certificate on all our poly teams phones, what are my options, is it only the web UI, is there no other option that is not so tedious for doing lots of phones on a large rollout?