This was an interesting one I ran into some time ago with a client of mine.
They had been rolling out Teams voice and as part of the rollout had elected to offer Teams Certified Handsets in some areas.
As part of their setup procedure, They used a test account to sign into any phones they were having issues with, as it had known good Dial Plan, Voice Policies etc.
However, midway through their migration weekend, the account “stopped” working, phones would throw an error when attempting to sign in with the test user
It stopped working in a very peculiar way however, any phones they had already deployed could use the account just fine, but any new devices refused to let the account work.
We checked their deployment templates. Looked to see if a new firmware or Teams App version had launched, but all versions matched.
And the more interesting thing was if the phone was given another account, it worked perfectly.
Eventually, we started debugging the sign-in process itself so I asked the admin to login to Azure AD and check the sign-in failure report
Looking into it we saw all sorts of issues relating to intune policy, some saying objects couldn’t be applied, some saying settings couldn’t be remediated.
I logged into Azure and navigated over to Azure AD, clicked on the affected user, then took a peek at their Sign-in Logs, and their Devices page.
On the devices page. I had a look at the devices the user is associated with. You should probably see a hint as to why the phone is getting stuck.
The issue was, each time the user was signing in with their test account. It would associate that device with their Azure AD and Intune. Signing a phone out doesn’t disassociate it with your Azure AD / Intune account. So these devices just keep piling up and eventually. Hit the device cap. This by default has a limit of 20 devices.
To solve it, you can either raise the cap by going to Azure AD > Devices > Device Settings (not recommended). Or, jump into the user that is signing into all these phones and delete the devices. Navigate to Azure AD > Users > The affected user > Devices and remove some devices from the list.
Another interesting one that just goes to show how integrated to everything Teams really is.
Hope you found this interesting.