How to Identify Unsupported Teams Devices using Endpoint Manager
At the end of June Microsoft announced that they would retire Teams mobile support for Android 4.4 (KitKat) by September this year, which is just around the corner.
This in general is good, because if you use Intune to manage your devices today, then you should be planning to move to Android Enterprise management features that require Android 5.0 or higher – or ideally Android 6.0 and above.
However, moving to a newer version of Android isn’t straightforward because unlike Apple’s iOS, which has a clear-cut set of definitions for which devices will get OS updates, the decision to update an Android OS rests with various device manufacturers, and in many cases wireless carriers.
Devices affected by this change are smartphones and tablets that are typically at least five years old and include older devices such as the Samsung Galaxy S3. Most devices from around 2015 onward received updates to Android 5 (Lollipop) and Android 6 (Marshmallow); dedicated Teams phones are not affected by this change.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
Finding older devices enrolled with Intune
If you enroll devices with Intune, then these will be straightforward to identify. The Intune Company Portal app has only supported Android 5.0 and higher since January 2020, therefore it’s unlikely you will have received any new enrolments since then – but devices with the app already installed can continue to enrol today.
To find these devices and export a list, visit the Microsoft Endpoint Manager Admin Center and navigate to Devices>Android Devices. You will see a list of all Android devices currently enrolled:
If you need to filter the list of enrolled Android devices running the affected version, enter 4.4 into the Search by.. box in the UI. You can the use Export to gain a list of all enrolled devices.
Finding all older devices using Azure AD Sign-In logs
If you allow mobile devices to use Teams without Intune enrollment, or do not use Intune, then you will need to use a different method to discover devices running older versions of Android.
The Azure AD admin center provides the ability to review, filter and export sign-ins for the last month, which should give you a good indication of all older Android devices connected to your environment.
To find these devices, visit the Azure AD admin center and navigate to Sign-ins. Choose the time period you wish to filter by, then filter by Operating system starts with entering the value “Android 4” combined with Application starts with, using the value “Microsoft Teams”.
This will show a comprehensive list of all sign-ins to the Microsoft Teams application from Android 4.4 devices:
Because these are sign-in logs, you will see an element of duplication, which will make it harder to identify individual devices. Therefore, use the Download option to export a CSV report of the filtered sign-ins. You can then open this in Excel, and use the Remove Duplicates, using Username as the key to reduce this list to one line per user:
After identifying users affected, you will have several options. For BYOD (Bring your own device) scenarios, it is unlikely you will need to provide a replacement, but you will need to inform users that Teams is expected to cease working on their device.
For corporate-owned devices running older versions that you replace, it is worth ensuring any replacement devices you issue will continue to receive security updates as well as Android OS updates.