Microsoft teams room enroll intune

Michael Nielsen. The license includes teams and intune. A screenshot of the “Make sure this is your organization” pop-up, showing “User type: Administrator” to confirm you are signed in with Administrator credentials. Windows Autopilot enrollment is not supported.❿
 
 

Microsoft teams room enroll intune – Introduction

 
Products 68 Special Topics 42 Video Hub

❿

How to enroll Microsoft teams rooms devices into Intune – Mindcore Techblog

 
Sign In. Click Create. In the above example, we can see that the script experienced an issue downloading files. A cropped image of the Finish page, showing the “copied to” location of the new package we just created. Oldest Newest Most Voted. Click on the down arrow for Membership Type and select Dynamic user from the drop-down list. Our recommended method is to use bulk enrollment, which allows you to also set up the device in shared device mode.❿
 
 

Microsoft teams room enroll intune.Requirements

For new installations of Teams Rooms, you can apply a provisioning package during the OOBE phase of the setup process. After completion, the device is already enrolled in Intune. We hope this post helps you better understand the different options for enrolling Teams Rooms devices in Intune. Keep in mind that we recommend using a provisioning package and a dedicated account for enterprise installations and registrations with minimal interaction.

If you have any questions or feedback, reply to this post or reach out to IntuneSuppTeam on Twitter. This site uses Akismet to reduce spam. Learn how your comment data is processed. Onboard existing, unenrolled Teams Rooms Your organization might already have unmanaged Teams Rooms Windows devices in operation that are set up with local user accounts. Enroll devices with a resource account Using a resource account to register Teams Rooms devices is a manual process.

Confirm that you are signing in with a local Administrator account and enter the password. Open Windows Configuration Designer—it should look like this: For our example, we select Provision desktop devices to create a new project, add a name, the project folder path, and an optional description, and then select Finish.

Make sure to disable the Configure devices for shared use setting. If you allow this option, Windows Teams Rooms devices will not allow local sign-ins. When the token is issued, we see the status Bulk Token Fetched Successfully.

In the Provisioning packages dialog, select Add a package. Then select and add the package we created earlier from the USB drive. After the confirmation, the device reboots and begins the setup process. Onboard a new Teams Rooms device automatically to Intune The only way to enroll a new Teams Rooms device during setup is to use a provisioning package. BUT you’re more than welcome to start discussions here: Cancel reply.

I recently was tasked to enroll Microsoft teams rooms device into Intune as the customer needed compliance policy to allow the device to communicate to cloud service. There are plenty of good resources on the internet how to get started, how and what to do. However, I stumbled across lack of information in the area of creating a bulk token with the Windows Configuration Designer. First, I created the bulk token in my test tenant to see, what it did and to find out exactly what permission was needed.

After that I went on to the customer environment and got a funny error message. I strongly recommend reading this fine piece of information from Lothar Zeitler — Senior Program Manager. Also this guide on WCD.

In high level what you need is to create an Azure AD group with a dynamic rule. The dynamic rule could be on the displayName but that would require that in the enrollment process that the device is named something that the rule will recognize.

So how do we do that? As MTR devices does not support Autopilot, there are no real automated solution to make sure the device onboard and that it gets a naming standard we want. Here it is important that you use an account where you will be able to consent and say it is ok to create a new Enterprise Application and user in Azure AD.

It will ask you to consent on behalf and what it will do is that it will create an Enterprise Application and create a user.

Make sure to be aware that your token will expire days later. Mark the date in your calendar so you will have no surprises. If you somehow canceled the process during the get bulk token you will experience this error code:. Now this error really does not make sense, and this was what we were experiencing. We went into the portal of Azure AD and changed the setting, and everything finally went smoothly.

Because there is no protection whatsoever, if you do not do that. If Windows Hello for business is configured tenant wide, you will be prompted to setup your pin while logging on to the device. You can prohibit that by deactivating it tenant wide. Playing around with provisioning packages can be a great experience if you know how.

Security, Compliance and Identity. Microsoft Edge Insider. Microsoft FastTrack. Microsoft Viva. Core Infrastructure and Security. Education Sector. Microsoft PnP. AI and Machine Learning. Microsoft Mechanics. Healthcare and Life Sciences. Small and Medium Business. Internet of Things IoT.

Azure Partner Community. Microsoft Tech Talks. MVP Award Program. Video Hub Azure. Microsoft Business. Microsoft Enterprise. Browse All Community Hubs. Turn on suggestions. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for. Show only Search instead for. Did you mean:. Sign In. Intune Support Team. Published Mar 03 PM Onboard existing, unenrolled Teams Rooms Your organization might already have unmanaged Teams Rooms Windows devices in operation that are set up with local user accounts. Enroll devices with a resource account Using a resource account to register Teams Rooms devices is a manual process. Confirm that you are signing in with a local Administrator account and enter the password.

Open Windows Configuration Designer—it should look like this: A screenshot of the Windows Configuration Designer UI that has different options to create different types of provisioning packages, or open a recent project. Make sure to disable the Configure devices for shared use setting. If you allow this option, Windows Teams Rooms devices will not allow local sign-ins. Please use a tenant or device admin account to administer local device settings. An additional tip is to name Teams Room devices with a prefix that allows devices to be grouped dynamically.

You can rename devices with either a Windows 10 configuration policy or manually per device in Intune. Depending on your current scenario, there are several other enrollment options available:.

For more details about available enrollment methods, see Intune enrollment methods for Windows devices. Recommendation: Use Windows configuration profiles to configure device settings that you need to change beyond the shipped defaults.

The following Windows 10 Configuration Policy types may be used with Windows 10 based meeting room devices:. Check for supported hardware here. Learn more about available configuration policies here: Create a device profile in Microsoft Intune. Compliance policies Recommendation: Use compliance policies to achieve the desired security level for your Teams devices.

You can use compliance policies on your Teams Room devices. Make sure to create the appropriate exclusions for any existing Windows 10 compliance policies that are currently deployed in your organization to All devices.

For example, you may have configured the setting Maximum minutes of inactivity before password is required in a policy for all Windows 10 desktop devices but this would result in a poor meeting room experience if applied to Teams Room devices. If you currently have Windows 10 compliance policies deployed to large groups of devices, make sure you use the Exclude group feature so that you can target a more specific compliance policy for the Teams Room devices.

For detailed guidance, see Use compliance policies to set rules for devices you manage with Intune. Conditional Access policies with only location-based conditions can be applied to Microsoft Teams Rooms accounts at this time. Microsoft is currently working on updates that will allow additional conditions to be set, such as device compliance. Then you can use the dynamic group feature to group together all devices that start with MTR. The reason for device-group assignment is that Teams Room devices sign in to Windows with a local user account instead of an Azure AD user account and during sync with Intune, would not request any user-assigned policy.

❿