Teams devices for IT Pros 2: Intune Compliance & Conditional Access with Teams Android devices
Вставка
- Опубліковано 8 сер 2024
- This video walks you through setting up and configuring Microsoft Intune and Azure Active Directory Conditional Access to secure the sign-in of your Teams Android devices. It also covers adding Teams android devices to your configuration when you already have existing Conditional Access and Compliance Policies in place.
Traci Herr walks me through setting up everything as well as explaining why we should set up things in certain ways.
Traci has also written an article which covers this same topic. You can read that here - ucmess.wordpress.com/2022/08/...
0:00 Introduction
0:57 Scenario description
1:57 Endpoint Manager
2:20 What is Intune enrollment?
2:49 Configure Android enrollment
9:58 Intune Compliance Policies
18:10 What is Conditional Access?
19:12 Configure Conditional Access
37:24 Stale objects and device limits
43:40 Testing and validating phone sign-in
51:18 Troubleshooting Intune license error
52:52 Why we got Intune license errors - Наука та технологія
Great session as always! Big fan of the channel
Thanks Michel! I appreciate your support.
Great tutorial Michael. Always a pleasure to watch your videos!
Thanks!
great info, hard to find it somewhere else
thanks a lot!
Thanks for another great video. You do an amazing job education us.
Tak!
Awesome video, I learnt a lot
The first time I worked with Yealink CP900 series conference phones I just signed-in and everything worked. Just had to create the User's and teams licensing. When we moved in September to our new corporate location (all new network and firewall), We ran into this issue with signing-in, Company Portal loop. A colleague had been assigned the conference room set-up task. We had a temp suite with SOHO internet gateway and I suggested that he take one of the newer MP54 huddle-room phones there to test. Worked immediately. So this would tend to point firewall rather than compliance (as I have the slider over to if no policy, mark as compliant for now). But issue remains. I will work on this after the Christmas holiday and report back. This is the first useful documentation I have found in in my part-time searches trying to find an answer to this behavior.
Hi Mike, great stuff! I do have a question. For Enrollment Device Platform Restrictions, if I were to create a restriction specific to Teams Calling Devices, do I simply Block both settings for the Default restriction for Android Device Administrator? I don't see a way to remove that Platform otherwise. Struggling just a little trying to understand the best way for all the policies to stand on their own and peel them out of our current collective policies.
Really great video. However, the approach was slightly different to your first video some months ago. Anyhow, I guess, I got it by now.
Just came across this as I am having a nightmare trying to get teams devices signed in. Ive followed this set up - I have only 1 Conditional access policy set up and ive filtered based on our yealink devices. It doesn't matter what I do, these devices refuse to sign in. I get "couldn't connect to workplace join" . I need to sort this as this is a pilot prior to us rolling out teams voice!
Couldn't connect to Workplace Join implies it's an Azure AD issue. 1. Can you block the Conditional Access policy from firing for the device? Go to endpoint.microsoft come, click on Users, then Sign-in logs. The logs might tell you where it is tripping up for that account.
Go to Endpoint Security/Conditional Access/Policies/What if. Enter the relevant information and make dure you are hitting the Conditional Access Policy you are intending to hit.
@@flinchbot Thanks for the reply! CA all is fine, the group I have correctly excludes it. Im thinking its more to do with Authentication as entering any account results in company portal spinning with an eventual "Couldnt connect to workplace join"
What do i do if i wanted to prevent intune enrollment for Teams devices?
Remove the Intune app from the users(resource account) license in M365 Admin Center. This link shows how to do it for PowerApps. Just pick Intune instead of PowerApps.
learn.microsoft.com/en-us/power-platform/admin/signup-question-and-answer#steps-to-remove-power-apps-licenses-from-users
Without an Intune license, Intune will not be used. However, make sure your Conditional Access policy isn't checking for a compliant device. That setting requires Intune to determine if the device is compliant. Without an Intune license, you can't check for compliance, and the sign in will be blocked.