Microsoft teams rooms intune enrollment. MS Teams – Enroll Teams Phones to Intune

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
If you have any questions or feedback, reply to this post or reach out to IntuneSuppTeam on Twitter.
 
 

Microsoft teams rooms intune enrollment

 

Show only Search instead for. Did you mean:. Sign In. Managing Microsoft Teams Rooms with Intune. Intune Support Team.

Published Dec 16 PM Depending on your current scenario, there are several other enrollment options available: Use Windows Configuration Designer to create a Windows 10 provisioning package that performs a bulk Azure AD Join. Details are here. Windows 10 Configuration Profiles Recommendation: Use Windows configuration profiles to configure device settings that you need to change beyond the shipped defaults.

The following Windows 10 Configuration Policy types may be used with Windows 10 based meeting room devices: Profile type Can you use the profile? Conditional Access Conditional Access policies with only location-based conditions can be applied to Microsoft Teams Rooms accounts at this time. More info and feedback As always, we want to hear from you!

Removed mention of device compliance checks for CA; that feature is coming. Resize Editor. What do we need? At the end, the group should like this: That is, it for the Azure AD group. Next, we go to create a Compliance policy. Compliance policy To get an insight if your active Microsoft Teams Rooms are still compliant, you can create a Compliance policy. MTRs are essentially meeting room appliances, not a typical Windows 10 machine that an end user uses.

The end user has no access to anything outside the MTR app, including no access to removable storage, programs, a web browser or files stored on the MTR or in the cloud. Typical use cases for configuration profiles include enabling Bitlocker to encrypt the local drive. Check for supported hardware here. Not recommended Some devices to have Wifi built in to them, but its always best to cable them into the network via Ethernet.

Typically, these types of devices are considered shared devices, so you should manually remove the primary user. Select Properties, and then select Remove primary user and select Save at the top of the page. A benefit of using a DEM account over a resource account is that the DEM account can only enroll devices and will not have any rights to access mailboxes, calendars etc.

An image of the device “Properties” page in the Microsoft Endpoint Manager admin center, showing the option to “Remove primary user”. An image of the warning message that you will get if you choose to remove the primary user: “Removing the primary user of a device configures it to operate in shared mode.

In this mode, users, including the previously assigned primary user, can no longer self-service this device in the Company Portal. Learn more [link]”. At this point, we have successfully enrolled Teams Rooms in Intune. A screenshot of the Windows Configuration Designer UI that has different options to create different types of provisioning packages, or open a recent project.

For our example, we select Provision desktop devices to create a new project, add a name, the project folder path, and an optional description, and then select Finish. An image of the New project page in Windows Configuration Designer, where you add a project name, browse for the project folder, and add a description.

In the package definition, you can specify some rules for the computer name. There are two areas selected: the “Device name” field and the “Configure devices for shared use” section, with the toggle set to “No”. Select Next. A screenshot of the “Set up network” page from the left menu in Windows Configuration Designer, with the “Set up network” toggle set to “Off”. You can use a DEM account, or any other account that has rights to gather the bulk token. During the enrollment, a new account will be created.

Note the token expiration date in the Bulk Token Expiry field and select Next. In Intune, we see the new, corresponding enrollment account that Windows Configuration Designer created. Note : The account that was used for the token request is not stored in the package. A cropped image of the package as a new profile in Intune the Endpoint Manager admin center.

For our example, we do not need to add any apps and there are no certificates, either. Select Next to continue to the Finish page, review the summary, and then select Create to generate the package. A cropped image of the Finish page, showing the “copied to” location of the new package we just created.

An image of the package file in a local directory. From the Windows Start menu, select Settings and then sign in with a local Administrator account if you are not already signed is as a local Admin. Compliance to make sure it can reach out to the cloud services. Great success Summary Playing around with provisioning packages can be a great experience if you know how. Happy testing! Share this post. Table of Contents. Search blog posts. Linkedin Youtube Twitter. Linkedin Twitter.

Infrastructure architect consultant with focus on Endpoint Management and Microsoft Sentinel. Infrastructure architect with focus on Modern Workplace and Microsoft security.

Infrastructure architect with focus on design, implementation, migration and consolidation. Infrastructure consultant with focus on cloud solutions in Office and Azure.

Add our RSS Feed. Follow on SoMe. Contact us. Follow us. Privacy Policy Cookies.

 

Microsoft teams rooms intune enrollment. Gettings started with Microsoft Teams Rooms (Part 3)

 

This post answers a few of the frequently asked questions and provides general guidance. Teams Room devices can be enrolled and managed by Intune to provide many of the device management and security capabilities available to other endpoints managed by Intune. Because these devices run Windows 10 under the hood, several of the Windows 10 features will be available to use, but many are not applicable or recommended.

Windows 10 based Teams devices arrive from suppliers prepared with an OS image, user accounts, and pre-configured profiles. For a smooth, automatic MDM enrollment, sign in to the device with the admin profile and perform the Azure AD join from the Settings menu. We recommend you use an Intune device enrollment manager DEM account specifically because Teams Room devices are shared and DEM accounts are more practical for managing shared-device scenarios.

Learn more about DEM accounts here. The Teams Rooms resource account can be used for Intune enrollment, but it should not be used for Windows 10 sign-in on the device because it can cause issues during automatic sign-in of the Microsoft Teams Room application account. Please use a tenant or device admin account to administer local device settings. An additional tip is to name Teams Room devices with a prefix that allows devices to be grouped dynamically.

You can rename devices with either a Windows 10 configuration policy or manually per device in Intune. Depending on your current scenario, there are several other enrollment options available:. For more details about available enrollment methods, see Intune enrollment methods for Windows devices.

Recommendation: Use Windows configuration profiles to configure device settings that you need to change beyond the shipped defaults. The following Windows 10 Configuration Policy types may be used with Windows 10 based meeting room devices:. Check for supported hardware here. Learn more about available configuration policies here: Create a device profile in Microsoft Intune. Compliance policies Recommendation: Use compliance policies to achieve the desired security level for your Teams devices.

You can use compliance policies on your Teams Room devices. Make sure to create the appropriate exclusions for any existing Windows 10 compliance policies that are currently deployed in your organization to All devices. For example, you may have configured the setting Maximum minutes of inactivity before password is required in a policy for all Windows 10 desktop devices but this would result in a poor meeting room experience if applied to Teams Room devices.

If you currently have Windows 10 compliance policies deployed to large groups of devices, make sure you use the Exclude group feature so that you can target a more specific compliance policy for the Teams Room devices. For detailed guidance, see Use compliance policies to set rules for devices you manage with Intune.

Conditional Access policies with only location-based conditions can be applied to Microsoft Teams Rooms accounts at this time. Microsoft is currently working on updates that will allow additional conditions to be set, such as device compliance. Then you can use the dynamic group feature to group together all devices that start with MTR. The reason for device-group assignment is that Teams Room devices sign in to Windows with a local user account instead of an Azure AD user account and during sync with Intune, would not request any user-assigned policy.

As always, we want to hear from you! If you have any suggestions, questions, or comments, please comment below. You can also tag IntuneSuppTeam on Twitter. You must be a registered user to add a comment. If you’ve already registered, sign in. Otherwise, register and sign in. Products 68 Special Topics 42 Video Hub Most Active Hubs Microsoft Teams.

Security, Compliance and Identity. Microsoft Edge Insider. Microsoft FastTrack. Microsoft Viva. Core Infrastructure and Security. Education Sector.

Microsoft PnP. AI and Machine Learning. Microsoft Mechanics. Healthcare and Life Sciences. Small and Medium Business. Internet of Things IoT.

Azure Partner Community. Microsoft Tech Talks. MVP Award Program. Video Hub Azure. Microsoft Business. Microsoft Enterprise. Browse All Community Hubs.

Turn on suggestions. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. Showing results for. Show only Search instead for. Did you mean:. Sign In. Managing Microsoft Teams Rooms with Intune. Intune Support Team. Published Dec 16 PM Depending on your current scenario, there are several other enrollment options available: Use Windows Configuration Designer to create a Windows 10 provisioning package that performs a bulk Azure AD Join.

Details are here. Windows 10 Configuration Profiles Recommendation: Use Windows configuration profiles to configure device settings that you need to change beyond the shipped defaults. The following Windows 10 Configuration Policy types may be used with Windows 10 based meeting room devices: Profile type Can you use the profile?

Conditional Access Conditional Access policies with only location-based conditions can be applied to Microsoft Teams Rooms accounts at this time.

More info and feedback As always, we want to hear from you! Removed mention of device compliance checks for CA; that feature is coming.

Tags: Microsoft Endpoint Manager. Resize Editor. Version history. Last update:. Updated by:. Education Microsoft in education Office for students Office for schools Deals for students and parents Microsoft Azure in education.