If you’re using a Poly X30 or X50 with a TC8 touchscreen panel, you may be experiencing sign in issues when attempting to log in to the TC8 touch panel.
If you check the Azure AD sign in logs, you may find that a successful sign in was recorded. However, if you check the Intune Enrollment Failure Logs (after waiting at least 10 minutes from when you signed in to the TC8), you’ll see an enrollment failure.
Β
Background
This issue occurs if you use Intune Enrollment Restriction policies to restrict who can enroll in Intune within your org.
By default, most orgs will set up policies to blockΒ Personal devices from being allowed to enroll in Intune, and will then create an exceptions list based on the devices MAC address or serial number.
While this works in the majority of cases, it does not work for the TC8 touch panel. This is down to the TC8 touch panel not reporting the correct serial number or MAC address to Azure AD on sign in.
Β
The Fix
To fix this issue, first we’ll create a new Office 365 security group that contains a list of our meeting roomΒ userΒ accounts (not devices).
Once the list has been created, head over to the Intune Portal, Devices > Enrollment device platform restrictions and clickΒ Create Restriction
Give the new restriction a suitable name and description. I’ve gone with “workaround for TC8”
Next underΒ Platform Settings ensureΒ Allow is selected underΒ Personally owned. Leave the device manufacturer field blank
Next, leave theΒ Scope tags as is, and click Next
On the Assignments page add your group of Android Collab Bar users that we created before, and clickΒ Next
On the review page click Create
Be sure to check the priority of your enrollment rules. It’s advisable to move this newly created rule near the top of the priority list.
Β
Sign in test
It’s important to wait at least 15 minutes for Azure AD and Intune to replicate before restarting your TC8 and then attempting to sign in to Teams.
Β
Additional Notes
Keep in mind that if you have one or more Android Compliance Policies that target android devices in your org, you’ll need to exclude your Android collaboration bars, TC8’s and Teams phones from these polices as they do not support them.
To do this, create an Office 365 security group that contains a list of your Android devices. I’ve done this for my Poly devices via a Dynamic Membership Rule:
(device.deviceOSType -eq "Android") and (device.displayName -contains "PolyStudioX30") or (device.displayName -contains "PolyStudioX50") or (device.displayName -contains "CCX") or (device.displayName -contains "TC8")
Once created, exclude this group from any Android Compliance Policy:
