Microsoft 365 Alert : Service degradation – Azure Active Directory – Users with Android devices may experience authentication issues when accessing Azure Active Directory (AAD) apps – RESOLVED

04/05/2022 10:22:00 AM (BST)

Microsoft Reference : MO372219  

NHSmail Reference : INC28784660

Issue Status : RESTORED

Issue Description : Users are seeing Teams Android certified devices logging out of AAD apps.

More info : The majority of the impact for Azure Active Directory (AAD) apps is specific to Microsoft Teams. Other Microsoft 365 services could also be impacted.

Impacted Android IP-based Teams devices include, but are not limited to:
– Poly, Yealink, Audiocodes Team Phones
– Poly, Yealink and Logitech Microsoft Teams Rooms on Android (MTRA)
– Teams Panels
– Teams Displays

While the fix will prevent any additional devices from being affected, users will still need to follow the mitigation steps outlined below to resolve the issue. For more detailed instructions, please see the following link:
https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/teams-rooms-and-devices/signed-out-of-teams-android-devices

– Manually sign-in to the affected device.
– If a manual sign-in is not an option, perform a remote sign-out and sign-in operation using the Teams Admin Center (TAC).
– If this does not work, perform a remote device reboot through the TAC using the ‘Restart’ option on the device page within the TAC. Once completed, perform a remote sign-in operation.
– If this does not work, perform a manual restart of the device and then a manual log-in or remote TAC log-in.
– If this does not work, perform a factory reset of the device, then a manual log-in or remote TAC log-in.

Guides to use the TAC method to remotely log-in to the devices can be found at:
https://docs.microsoft.com/en-us/microsoftteams/devices/remote-provision-remote-login

https://docs.microsoft.com/en-us/microsoftteams/devices/remote-sign-in-and-sign-out

The required mitigation is a one-time action on a per-device basis; once an affected device has been signed back in, no further action is required to prevent a reoccurrence of this problem.

Scope of impact : Your organization is affected by this event, which could potentially impact any of your Teams Android certified devices.

Final Update : 10/05/2022 08:40:00 AM – Microsoft monitored the service for an extended period of time and have confirmed that the fix has successfully resolved the issue, and no further devices have been impacted.
As previously communicated, users will need to take action to mitigate impact to affected devices. If not already done, please review the “More info” section of this communication for guidance on the required steps.

Root cause : A recent code change which was intended to optimize service functionality contained a code issue within a segment of the change. The code issue caused the affected devices to not be authenticated as expected on the back end of the service as it altered the format of the request being received, resulting in the sign-outs.

Next steps : Microsoft will continue to monitor telemetry to ensure no additional devices are impacted by this issue.
Microsoft are reviewing the offending change to better understand why impact wasn’t detected during testing.