Common Area phone - Portable Phone Setup

This guide is intended to be used only to configure shared phones for use in the plant that need to be portable, but can't be tied to an individual. For example, a generic shipping phone. If a phone can be assigned to an individual, but needs to be limited to plant use, refer to the Plant WiFi Smart Phone Setup guide instead.

To accomplish this an Android Phone is setup in Azure AD Shared mode so that it can be locked down to only a few applications.

Overview

This guide is intended to be used only to configure shared phones for use in the plant that need to be portable, but can't be tied to an individual. For example, a generic shipping phone. If a phone can be assigned to an individual, but needs to be limited to plant use, refer to the "Plant WiFi Smart Phone Setup" guide instead. If the phone does not need to be portable, refer to the "Common Area phone - Desk Phone Setup" guide on the right

To accomplish this an Android Phone is setup in Azure AD Shared mode so that it can be locked down to only a few applications.

Prerequisites

A common area phone user account must be setup to sign on to the phone. Refer to the "Common Area Phone Accounts" section in the General Teams Administration article on the right for further instructions.

Phone Setup

The phone is inrolled from the setup screen "AAD Teams Portable Phone" barcode. When connecting to wifi you can scan a wireless barcode by clicking Add new network, then clicking the barcode symbol. You do not sign in to Intune / Company Portal with this method.

1. Power on the phone. DO NOT PRESS any buttons. You will be presented with a screen like the following. (On newer phones this may just say welcome)

 

2. Tap anywhere in the white space until a camera appears; typically, this is 7 or 8 taps.
   1. If you receive any other prompts restart the phone and make sure that tapping in the white space is the first thing you do.
3. Once the camera appears, scan the barcode to start the enrollment process. (This should auto connect to wifi)
   
   1. In Endpoint manager navigate to Devices > Android > Android Enrollment.
   2. Click Corporate-owned dedicated devices.
   3. Click the ... menu to the right of "AAD Teams Portable Phone"
   4. Click View Enrollment Token.
   5. Scan the barcode.
4. If prompted to connect to wifi.
   1. Either click on the wireless network or click Add New Network.
   2. Click the Barcode icon to the right.
   3. Scan the barcode to connnect.
      
5. You will be taken to a screen that states, “This device belongs to your organization” Tap Next.
    
6. You will now be taken to a screen like the following. During this time your phone will get connected to WiFi and prepare for the next steps. This may take a minute or two. 
7. Once you are brought to a screen titled “Set up your phone” tap Accept and Continue.
   
8. Please wait a few moments while the setup is initialized. During this time, you may see screens like the following. Once this is complete you will see a Next button appear at the bottom of the screen.

 
 

7. Tap Next to continue.
   

 

8. You will now be taken to a screen like the following while this checks for updates. This may take a moment or two.
   
9. You will now be taken to a screen about the Google services, Tap More to review, you will likely need to tap this twice.
    
10. Tap Accept to continue.
    
11. If desired, you can review the information listed.
    

 

12. Tap “I have read and agree to all of the above” then tap Next to continue.
    

 

13. You may briefly see a screen stating that the device is being updated.
    

 

14. Was not at this step on S9 - You will now need to accept the settings for Chrome. Tap Accept & continue. 
    
15. Was not at this step on S9 - The device should now start to update.

20. Tap Install to begin configuring your work apps.
    

 

21. You will see a screen like the following as this installs, once the next button appears, tap this to continue. (When complete, you may need to tap Done)
    

 

22. Tap Set up under Register your device. (If prompted)
    
23. Tap Next to register your device.
    

 

16. This may take a few moments to complete, once it is complete you will see a Next button appear at the bottom of the screen. Tap Next to categorize your device. (I saw a done button)
    

 

17. Select CQC Corporate Owned Mobile Device, then tap OK.

 

18. Tap Done to complete the process.
    

 

19. Once this is complete you will be taken to a screen like the following. If you aren't connected to WiFi automatically, connect to WiFi. At this point your phone is configured, but your apps may still be installing. It is recommended that you wait about five minutes before using the phone. 

20. 

     

21. You may see a screen like the following as your device is updated with the initial settings.

22. 

23. If you would like to check the status of the installation, tap the Google play icon, to be taken to a screen like the following which will show the installation progress.

24. 

25. The device will now be enrolled and policies will be pushed to the device This will take several minutes. During this time you may be able to complete some of the steps below in the Manual Configuration Section.
26. Once this is done you should see a message to grant notification permission, tap grant. (If necessary tap "Got it" to dismiss the instructions at the bottom)
    1. Tap managed home screen
    2. Tap Allow
    3. You should now be taken to a sign in screen.
    4. Tap sign in
    5. Tap the back button to return to the main screen.
27. Once this is complete, restart your phone to complete the setup.
28. Open Teams and sign in.
29. Enter the username, then tap Next. (The username is in the format cap-loc-name@cqc.com; for example cap-sps-sup1@cqc.com)
    1. Enter the password from the database (Under Common Area Phones), then tap Sign In.
30. Your device will be updated and begin to sign you in.
31. If you did not complete the Manual Configuration, you may do so now.

Manual Configuration

Once you are taken to a limited screen with just managed settings, perform the following steps to configured the phone.

1. Tap managed settings.
   1. Tap the i
   2. Tap exit Kiosk
   3. Enter the pin
   4. Tap settings
   5. search for side key, tap side key.
   6. Change Press and hold to power off menu
   7. tap back, then search for screen timeout.
   8. Set this to 10 minutes.
   9. tap back then look for never sleeping apps
   10. tap never sleeping apps
   11. Tap the plus
   12. select teams
   13. tap add
   14. Search for "Appear on Top" then add Teams
       1. You may also be able to find this under the app properties.
   15. On older phones this may be listed as overlay.
   16. On Android 12 you need to open apps, then click the menu, then choose special access.
   17. You may also want to setup a weekly reboot.
   18. return to the app list.
   19. Tap managed home screen
2. Locate and open the Host app to open Teamviewer.
   1. You will be prompted to enable the universal add on, tap enable.
   2. This will open accessibility.
   3. Tap on universal add on.
   4. Turn on universal add on , if prompted to allow, tap allow. You do not need to add the shortcut.
   5. You will then prompted for display over the top of other apps
      1. Tap settings
      2. Locate Host
      3. Select the slider to allow display over apps.
      4. Tap back to return to the previous screen.
3. Open teams
4. The phone is now ready to use.

Update Information in Endpoint manager

1. Locate the device in endpoint manager.
   1. Typically this is the most recently enrolled device
   2. On the device you can find the current device name by opening Managed Settings. Then tapping on the i to bring up device information.
2. Click properties, then rename.
3. The name should be in the format "cap-loc-name_AzureADSharedMode_Date"
   1. For example cap-sps-ndd3_AzureADSharedMode_8/30/2022_5:16 PM
4. Choose a device Category.
5. Enter any relevant notes.
6. Click Save.
7. Note: You may need to refresh the page for the new name to be displayed.

Intune Setup

Note: The managed home screen is not configured to allow sign in because due to an undocumented change by Microsoft, using this method will cause the phone to become logged out any time the phone crashes or is restarted.

Devices are grouped using the dynamic group EMM_AAD-TeamsMobilePhone (There is a test group that can be used EMM_Test_AAD_Managed_HomeScreenSettings)

The enrollment barcode is configured as AAD Teams Portable Phone

Device Configuration - AAD Teams Portable Phone - Device Restrictions

App Configuration - AAD Teams Portable Phone - Managed Home Screen Settings

This requires the following apps to be deployed: Managed home screen and Teams

Troubleshooting

Strange Boot Screen

In the unlikely event that you encounter a screen similar to the following when you first power on the phone, please press and hold the side button and the volume down button until the phone restarts (about 7 seconds).

Re-Install Teams

If Teams is acting strangely, or does not open at all, you may want to try re-installing Teams. This can be done by doing the following.

1. Identify the serial number of the device.
   • It may be necessary to unlock the device to find this.
2. Locate the device in Endpoint Manager.
3. Make note of the device name.
4. Add the device to the sg-Uninstall-Teams in Azure Active Directory, then wait for the app to uninstall.
   • You can sometimes speed up this process by initiating a reboot in Endpoint Manager.
5. Once you have confirmed that Teams is removed, reboot the device again to ensure all cache is removed.
6. Remove the device from the sg-Uninstall-Teams group in Azure Active Directory.
7. Once you have confirmed that Teams is installed, reboot the device again to ensure a fresh start.
8. Verify that Teams is working properly
9. Re-configure Android settings for Teams.
   1. Tap managed settings.
   2. Tap the i
   3. Tap exit Kiosk
   4. Enter the pin
   5. Tap settings
   6. search for never sleeping apps
   7. tap never sleeping apps
   8. Tap the plus
   9. select teams
   10. tap add
   11. Search for "Appear on Top" then add Teams
       • You may also be able to find this under the app properties.
       1. On older phones this may be listed as overlay.
       2. On Android 12 you need to open apps, then click the menu, then choose special access.
   12. return to the app list.
   13. Tap managed home screen

Chat not available in Teams

So far this has only happened on one phone, however it's possible that this change may need to happen for all WiFi phones using a generec account.. It appears that Microsoft may be tightening up the licensing for the Common Area Phone license so that devices with this license can only use phone and meeting functionality and not chat.

This may look similar to the following.

To fix this do the following.

1. replace the Shared Device License with an F3 license and a Microsoft Teams Phone Standard license.
   1. Note you may need to temporarily assign an E5 license because you will be lowering the level of some licenses.
2. Reboot the phone.
3. If after rebooting the phone does not update, it may be necessary to sign out the account.
   1. Tap managed settings.
   2. Tap the i
   3. Tap exit Kiosk
   4. Enter the pin
   5. Tap settings
   6. Open Accounts
   7. Remove the account for the user.
   8. Reboot the phone.
   9. Sign into Teams with the user account.