AzureFeeds

We’re publishing additional guidance about a potential sign-in issue impacting Microsoft Teams-certified Android devices (e.g., Teams Rooms on Android, Teams Phones, Teams Panels, and Teams Displays). This issue stems from a new Entra ID Conditional Access policy targeting Device Code Flow (DCF) authentication. This new policy has been deployed to tenants as part of a Microsoft-wide Secure Future Initiative. While there are no additional deployments scheduled at this time, any future rollout plans will be communicated through official channels, including email and Microsoft 365 Message Center posts.

Although previously shared guidance here: Policy changes for Microsoft Teams devices using device code flow authentication | Microsoft Community Hub included steps to exclude Teams Android devices from this policy, we’ve observed devices which were not excluded and have been signed out.

How to restore full sign-in and remote login functionality on Teams Android devices

If you have Teams Android devices which were signed out, preferably log into the device manually. However, in the likely scenario these devices are in remote locations, complete the following steps to restore the remote login functionality:

1. Login to the Entra ID portal (https://www.entra.microsoft.com), navigate to your conditional access policies and edit the Microsoft-managed Conditional Access policy called “Block device code flow”, either exclude your Teams Android device resource accounts from the policy or change the state from “On” to “Report-Only” or “Off”. Once you’ve modified this policy, it will not activate again in your tenant.

2. Once the policy has been modified, reboot your Teams Android devices to force them to sign-in (you may need to reboot up to 3 times)


3. If rebooting the device fails, attempt to manually sign the device back in using valid Teams resource account credentials. If that also fails, you will need to factory reset the device to clear the invalid authentication state.


4. After restoring functionality, please ensure your devices are running the latest Teams application:

• 
  
  
  
  • 
    
    
    
    • Teams Rooms on Android (both the compute and the console): 1449/1.0.96.2025205603
    
    
    • Teams Panel: 1449/1.0.97.2025086303
    
    
    • Teams Phone: 1449/1.0.94.2025168802
    
    
    • Teams Display: 1449/1.0.95.2024062804
    
    
    
    
  
  
  
  

SIP Gateway

If your organization uses Teams SIP devices, you do not need to create exclusion lists for them in case they get signed out. You can sign back in to SIP devices with the help of the SIP Gateway app. To prevent or mitigate impact for Teams SIP devices associated accounts, keep the policy in “Report Only” mode for those user or shared accounts.

Additional Resources

• Policy changes for Microsoft Teams devices using Device Code Flow


• Microsoft-managed Conditional Access Policies – Overview and Customization Guide 


• Microsoft-managed Conditional Access Overview 


• MC1038684 – Policy changes for Microsoft T… – ChangePilot


• Authentication flows as a condition in Conditional Access policy – Microsoft Entra ID | Microsoft Learn

If you need help completing these steps or have questions, please contact your Microsoft account team or support representative.