As a part of its Safe Future Initiative, Microsoft has deployed a brand new Entra ID Conditional Entry coverage concentrating on Gadget Code Circulate authentication. Sadly, it has led some Microsoft Groups-certified Android units (Groups Rooms on Android, Groups Telephones, Groups Panels, and Groups Shows) to be logged out and signing again in could be a bit fiddly so steerage has been shared.

Microsoft stated that it shared earlier steerage which defined how you can exclude Android units, however it appears some admins didn’t catch this as many units weren’t excluded and have been signed out. It’s necessary to comprehend that this isn’t a bug, it’s a safety characteristic. Nevertheless, the transfer might have been higher communicated.

To signal the units again in, you are able to do so manually. Nevertheless, if the units are distant you’ll have to comply with these steps:

1. Login to the Entra ID portal (https://www.entra.microsoft.com), navigate to your conditional entry insurance policies and edit the Microsoft-managed Conditional Entry coverage known as “Block system code stream”, change the state from “On” to “Report-Solely” or “Off”. As soon as you’ve got modified this coverage, it won’t activate once more in your tenant.
2. As soon as the coverage has been modified, reboot your Groups Android units to power them to sign-in (it’s possible you’ll have to reboot as much as 3 instances)
3. If rebooting the system fails, try to manually signal the system again in utilizing legitimate Groups useful resource account credentials. If that additionally fails, you have to to manufacturing unit reset the system to clear the invalid authentication state.
4. After restoring performance, please guarantee your units are working the most recent Groups utility:

• Groups Rooms on Android (each the compute and the console): 1449/1.0.96.2025205603
• Groups Panel: 1449/1.0.97.2025086303
• Groups Telephone: 1449/1.0.94.2025165302
• Groups Show: 1449/1.0.95.2024062804

By disabling the “Block system code stream” coverage in step 1, it’s going to change every thing again to the way it was earlier than Microsoft determined to allow it to spice up safety. It will assist you to get these affected Android units logged again in once more. Additionally pay particular consideration to step 2 which says you would possibly have to reboot your system 3 times.

Upon getting your Android units logged in once more, it’s most likely a good suggestion to comply with Microsoft’s earlier steerage and add these to an exclusion listing earlier than re-enabling the “Block system code stream” coverage.

Microsoft recommends solely permitting DCF the place it’s completely obligatory after which blocking it elsewhere. The most effective factor to do is so as to add your Groups Android system to the exclusion listing – it will enable these units to function usually, whereas boosting general safety. For those who’re an admin and have been impacted by this, make sure you take proactive measures to keep away from disruptions sooner or later.