Setting Up Microsoft Teams Rooms and Desk Phones with Intune: A Comprehensive Guide

In today’s remote and hybrid work environments, Microsoft Teams Rooms (MTR) and Desk Phones play a pivotal role in enabling seamless and productive meetings. These dedicated meeting room devices and desk phones, all managed through the Teams Admin Center or Teams Pro Center, offer a powerful collaboration experience. In this comprehensive guide, we’ll walk you through the step-by-step configuration of these devices using Intune. Whether you’re an IT administrator or a Teams enthusiast, this guide will help you get your MTRs and Desk Phones up and running.

Understanding Microsoft Teams Room Devices

Before we dive into the setup, it’s important to grasp what MTRs are. These are meeting rooms equipped with all the hardware and software necessary for hosting remote and hybrid meetings. In this context, we’re also including Desk Phones based on the same system and application, as they share the MTR app. The accounts used for these devices are crucial, and they’re distinct from regular user accounts that sign into devices like Surface Hubs and Desk Phones.
Most MTR devices today are based on Android (Device Admin) and Windows 10 Team.

Creating Service Accounts

Service accounts are an essential part of MTR setup. These accounts are created specifically for MTR and must have the “Microsoft Teams Rooms Pro” license. They should be configured with specific settings, including mailbox configurations and password policies.

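# $room is one room entry with upn and password properties; enable the room mailbox account and set its password.
Set-Mailbox -RoomMailboxPassword (ConvertTo-SecureString -String $room.password -AsPlainText -Force) -Identity $room.upn -EnableRoomMailboxAccount $true
# Auto-accept meeting invitations, keep subject and comments intact, and process invitations from external senders.
Set-CalendarProcessing -Identity $room.upn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false -DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $false -ProcessExternalMeetingMessages $true
# Stop the service account password from expiring.
Set-AzureADUser -ObjectID $room.upn -PasswordPolicies DisablePasswordExpiration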

Additionally, these accounts should be added to specific groups based on the operating system or function, such as “Intune-Teams Room MTR Android” or “Intune-Teams Room Desk Phone.”
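
A read-only check that room accounts still carry the settings applied above and belong to the expected group. This is an added example, not part of the original guide; it uses the same Exchange Online and AzureAD modules as the commands above and assumes both sessions are already connected. The UPNs are constructed placeholders.

```powershell
# Added example: read-only audit of Teams Rooms service accounts.
# Assumes Connect-ExchangeOnline and Connect-AzureAD have already been run.
# The UPNs below are constructed placeholders; the group name is one listed in this guide.
$roomUpns  = @('mtr-room01@contoso.example', 'mtr-room02@contoso.example')
$groupName = 'Intune-Teams Room MTR Android'

# Resolve the group once and collect the object IDs of its members.
$group = Get-AzureADGroup -Filter "DisplayName eq '$groupName'"
if (-not $group) { throw "Group '$groupName' not found" }
$memberIds = (Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true).ObjectId

$report = foreach ($upn in $roomUpns) {
    try {
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
        $mbx  = Get-Mailbox -Identity $upn -ErrorAction Stop
        $cal  = Get-CalendarProcessing -Identity $upn -ErrorAction Stop
    } catch {
        # A missing account or mailbox is reported instead of aborting the run.
        [pscustomobject]@{ Upn = $upn; Status = "LookupFailed: $($_.Exception.Message)" }
        continue
    }

    $findings = @()
    if (-not $mbx.RoomMailboxAccountEnabled) {
        $findings += 'room mailbox account not enabled'
    }
    if ($cal.AutomateProcessing -ne 'AutoAccept') {
        $findings += "AutomateProcessing is $($cal.AutomateProcessing)"
    }
    if (-not $cal.ProcessExternalMeetingMessages) {
        $findings += 'external meeting messages not processed'
    }
    if ($cal.DeleteComments -or $cal.DeleteSubject) {
        $findings += 'meeting subject or comments are being stripped'
    }
    if ($user.PasswordPolicies -notmatch 'DisablePasswordExpiration') {
        $findings += 'password expiration still enabled'
    }
    if ($memberIds -notcontains $user.ObjectId) {
        $findings += "not a member of '$groupName'"
    }

    $status = if ($findings) { $findings -join '; ' } else { 'OK' }
    [pscustomobject]@{ Upn = $upn; Status = $status }
}

$report | Format-Table -AutoSize -Wrap
```

Any row other than OK marks an account that has drifted from the configuration described in this section.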

Personal Accounts

Regular users can also enrol in Teams Desk Phones. However, this requires two prerequisites: a Microsoft 365 E3 license with Phone System for external PSTN calls, and membership in the “Intune-Teams Room DeskPhone User” group.

Organizing Accounts with Groups

To streamline the setup, Entra ID security groups are used to aggregate different accounts for various devices. These groups don’t include the devices themselves but help organize and manage the accounts effectively.

Here’s a quick summary of some key groups:

  • Intune-Teams Room MTR Android
  • Intune-Teams Room MTR Windows
  • Intune-Teams Room Panels
  • Intune-Teams Room Desk Phone
  • Intune-Teams Room Surface Hub
  • Intune-Teams Room Systems (Bringing together all the above groups except “Intune-Teams Room Desk Phone Users”)

Device Filters

Device filters are essential for assigning compliance policies and avoiding multi-factor authentication (MFA) on Android devices like phones and room accounts. Specific filters are defined for different device types and platforms, ensuring precise control.

Enrolment Configuration

Enrolling Android and Windows devices in Intune requires distinct “Enrolment device platform restrictions.” These configurations specify the platform, minimum version, and maximum version. Each platform is assigned to specific groups based on its role.

Compliance Policies

Two separate compliance policies are set up: one for Android devices and one for Windows devices. These policies define various settings to ensure device compliance and security. Actions for noncompliance are also specified, along with the groups to which the policies are assigned.

Conditional Access

Conditional Access is crucial for securing service accounts and user sign-ins on Desk Phones and Surface Hubs. Exemptions from standard MFA requirements are defined based on device manufacturer and model. This is followed by the setup of Conditional Access policies to protect Teams devices and accounts, with specific conditions and exclusions.

With these configurations in place, you can ensure a secure and efficient Microsoft Teams Rooms and Desk Phones setup within your organization. Remember to adapt these settings to your specific requirements and stay up-to-date with any changes in the Microsoft Teams and Intune platforms.

By following this guide, you’ll be well on your way to creating a productive and collaborative meeting environment, whether in the office or across remote locations. Get ready to harness the full power of Microsoft Teams with MTRs and Desk Phones!
