Microsoft Teams Devices Locked Out After Conditional Access Policy Change

Microsoft has acknowledged a new sign-in issue affecting Microsoft Teams-certified Android devices, including Teams Rooms on Android, Teams Phones, Teams Panels, and Teams Displays. The issue is caused by a new Conditional Access policy in Microsoft Entra ID that blocks Device Code Flow (DCF) authentication.

Microsoft mentioned that this policy is a part of its Secure Future Initiative that launched in November 2023. The company says that Teams Android devices that are not excluded from the policy may have been signed out and are now unable to sign back in remotely.

“This new policy has been deployed to tenants as part of a Microsoft-wide Secure Future Initiative. While there are no additional deployments scheduled at this time, any future rollout plans will be communicated through official channels, including email and Microsoft 365 Message Center posts,” Microsoft explained.

How to restore full sign-in and remote login functionality in Microsoft Teams devices

Microsoft recommends that administrators manually sign in to any Teams Android devices that were signed out. To restore the remote login functionality, administrators will need to follow the steps mentioned below:

• Log in to the Microsoft Entra ID portal and navigate to their conditional access policies.
• Edit the Microsoft-managed Conditional Access policy called “Block device code flow“, and change the state from “On” to “Report-Only” or “Off“. Once this policy has been modified, it will not be activated again within the tenant.

• Reboot the Teams Android devices to force them to sign in.
• If rebooting the device fails, try manually signing in using valid Teams resource account credentials. If it also doesn’t work, performing a factory reset will be necessary to clear the invalid authentication state.
• Finally, ensure that the latest version of Microsoft Teams is installed on the device. (Teams Rooms on Android: 1449/1.0.96.2025205603, Teams Panel: 1449/1.0.97.2025086303, Teams Phone: 1449/1.0.94.2025165302, and Teams Display: 1449/1.0.95.2024062804.

In related news, Microsoft has recently acknowledged a new issue with Intune security baseline customizations. This problem affects commercial customers who are updating their security baseline to a more recent version.