Microsoft Teams Devices with Microsoft Intune

For users that want a desk phone there are some very nice options out there for Microsoft Teams devices. In this post, we look at one of the issues with them caused by the fact that they run Android and will need to be manageable by Microsoft Intune if you are using it.

This week, we picked up a Yealink T-55a to start having a look at with Microsoft Teams. We’ve previously used Polycom VVX devices with Skype for Business Online. During set-up, we found some issues with Microsoft Teams Devices with Microsoft Intune.

If like us at Arcible, you use Microsoft Intune as your Mobile Device Management (MDM) solution for managing your mobile devices, you might be surprised to hear that this effects Yealink, Audiocodes, Polycom, and other Microsoft Teams Devices.

The reason for this is that these new Microsoft Teams Devices are all based on Android. When the devices are enrolled into Intune to allow them to start the Microsoft Teams app if you could find that you have issues with Microsoft Teams Devices with Microsoft Intune.

Creating Teams Devices Groups

At Arcible, we use Dynamic Azure AD Groups for assigning our Microsoft Intune Device Compliance and Device Configuration Policies. We have modified our existing Dynamic Azure AD Groups to exclude the Microsoft Teams Devices with Microsoft Intune and then we have created new Dynamic Azure AD Groups for the Teams Devices.

We referred to the Microsoft article Rules for dynamic group membership at and decided that the best option was to use the device.deviceManufacturer property.

So that we don’t have to re-work the solution again if we want to try out Polycom CCX devices or Audiocodes C-series phones, we’ve decided to use the notIn array rule in our groups.

Azure AD Dynamic Group notIn syntax to exclude Microsoft Teams devices

Next, we created a new group specifically so that we can manage the Microsoft Teams Devices with Microsoft Intune. This group is similar except that we use In to include these devices.

AD Dynamic Group In syntax to include Microsoft Teams devices

Create Microsoft Teams Devices Compliance Policy

Depending on your Microsoft Intune configuration, by excluding these devices from applying to other Compliance Policies, they may now have no policy assigned.

At Arcible, our Microsoft Intune configuration means that if a device has no policy assigned it is marked as non-compliant by default so we needed to correct that.

We chose to fix this by creating a simple Compliance Policy which applies only to the Microsoft Teams Devices dynamic group and checks for minimum Android version and a few other attributes that we found from the devices. We have also used a network fence so that the devices will only be compliant when they are on the network in our office location.

Get help with Microsoft Intune

If you need help with Microsoft Intune, Microsoft Teams, or anything else in Office 365 and Azure then our Consulting services may be of interest to you.

We can help you develop an MDM policy strategy for your mobile devices, we can help you with Microsoft Teams and moving your voice solution to the cloud, and much more. Get in touch with us if you would like to find out more.