Tuesday, December 7, 2021

How to enable Microsoft Teams push-to-talk (PTT) capabilities on Samsung XCover Pro with Intune

By Lothar Zeitler – Senior Program Manager | Microsoft Endpoint Manager – Intune

 

Frontline workers are essential in global workforces, performing critical jobs as first responders, supply chain workers, and many other roles across industries. For a long time, frontline workers used walkie-talkies (two-way radios) as the primary tool to communicate with colleagues and supervisors during their shifts. With the digital transformation of the last decade, workers need devices that offer more functionality and line-of-business applications, such as inventory management systems or Microsoft Teams for collaboration and communication.

 

However, for specific scenarios that require fast and direct communication, you can use the Walkie Talkie app in Microsoft Teams. The app provides instant push-to-talk (PTT) communication from a mobile device, without having to start Microsoft Teams or dial a phone number. Samsung offers the ability to configure a hardware button for the Walkie Talkie app on the Galaxy XCover Pro. Once configured and connected to a channel, you can use PTT functionality with the click of a button. For more info on this feature and applicable scenarios, see How to use Microsoft Teams Walkie Talkie on your Galaxy XCover Pro | (samsung.com).

 

In this post, we will walk through the steps to configure the Microsoft Teams PTT functionality for Intune-managed Samsung XCover Pro devices in Microsoft Endpoint Manager.

 

Set up device management in Intune

First, we need to and set up a device group for Samsung devices that are corporate-owned dedicated devices with Azure Active Directory (Azure AD) shared device mode. This is required to enable devices to support multiple users. For detailed instructions, see Setup Intune enrollment for Android Enterprise dedicated devices and Shared device mode for Android devices.

 

For this example, in the Microsoft Endpoint Manager admin center we created a new enrollment profile named “A_SM_XCover_MU” with the token type Corporate-owned dedicated device with Azure AD shared mode.

 

Creating a new corporate-owned dedicated device profile in the Microsoft Endpoint Manager admin center.Creating a new corporate-owned dedicated device profile in the Microsoft Endpoint Manager admin center.

 

The example enrollment profile looks like this:

 

Enrollment token example for a Corporate-owned dedicated device with Azure AD shared device mode in the Microsoft Endpoint Manager admin center.Enrollment token example for a Corporate-owned dedicated device with Azure AD shared device mode in the Microsoft Endpoint Manager admin center.

 

Next, we create a new device group to dynamically add all Samsung models with the same enrollment profile. We will use this dynamic group to assign policies, apps, and configurations, including the PTT configuration, to each new device that belongs to that group. We use the same enrollment profile name that we used for our device group: "A_SM_XCover_MU". When you create this new group, make sure to select Dynamic Device in the Membership type field.

 

Creating a new Azure Active Directory (Azure AD) dynamic device group in the Microsoft Endpoint Manager admin center.Creating a new Azure Active Directory (Azure AD) dynamic device group in the Microsoft Endpoint Manager admin center.

 

As a membership criterion for the group, we use the name of the enrollment profile. We define the rule criteria under Dynamic device members > Add a dynamic query. Under Property, we select enrollmentProfileName, then under Operator, select Equals, and under value, we enter the profile name " A_SM_XCover_MU."

 

Dynamic membership rules, properties and value examples highlighted in the Microsoft Endpoint Manager admin center.Dynamic membership rules, properties and value examples highlighted in the Microsoft Endpoint Manager admin center.

 

Now, all devices that are enrolled with this profile in Intune automatically become members of our group.

 

Create a compliance policy for shared devices

The default settings of Intune require a custom compliance policy. This setting might have been changed in your environment, but we create and assign a custom compliance setting for our shared devices for our testing.

 

First, we create a new compliance policy and select Android Enterprise as the platform and Fully managed, dedicated and corporate-owned work profile as the profile type.

 

Creating a new policy Android Enterprise Fully managed, dedicated and corporate-owned work profile compliance policy in the Microsoft Endpoint Manager admin center.Creating a new policy Android Enterprise Fully managed, dedicated and corporate-owned work profile compliance policy in the Microsoft Endpoint Manager admin center.

 

The next step is to define a name and optionally a description in the Basics section. We name our example "A_SM_XCover_MU_Compliance".

 

Creating a new Android Enterprise fully managed, dedicated, and corporate-owned work profile compliance policy in the Microsoft Endpoint Manager admin center.Creating a new Android Enterprise fully managed, dedicated, and corporate-owned work profile compliance policy in the Microsoft Endpoint Manager admin center.

 

We choose the minimum OS version as the compliance setting and set the value to "10".

 

Configuring the minimum OS version as the compliance setting with a value of "10".Configuring the minimum OS version as the compliance setting with a value of "10".

 

We leave the default settings on the Actions for noncompliance tab and continue to Assignments. Here, we add the dynamic group we created "A_SM_XCover_MU" and click Select.

 

Assigning a new group to include and assign to the new fully managed, dedicated, and corporate-owned work profile compliance policy.Assigning a new group to include and assign to the new fully managed, dedicated, and corporate-owned work profile compliance policy.

 

We review the new compliance policy settings and select Create.

 

Reviewing the new compliance policy settings created and selecting the "Create" button.Reviewing the new compliance policy settings created and selecting the "Create" button.

 

Add apps for installation

We'll focus on the key applications we need to enable PTT communication on shared devices. Our example uses the Microsoft Teams Walkie Talkie app and the configurable hardware, walkie-talkie button on Samsung Galaxy XCover Pro devices. It also requires the Microsoft Managed Home Screen app.

 

First, let's assign Teams to the Galaxy XCover Pro devices. In the Microsoft Endpoint Manager admin center, we go to Apps > All apps > Add, and in the Select app type pane, select Managed Google Play app.

 

Selecting a new Managed Google Play app in the Microsoft Endpoint Manager admin center.Selecting a new Managed Google Play app in the Microsoft Endpoint Manager admin center.

 

In the Managed Google Play app store, we select Microsoft Teams.

 

Selecting the "Microsoft Teams" app as a Managed Google Play app store.Selecting the "Microsoft Teams" app as a Managed Google Play app store.

 

Next, we select Approve to accept the app permissions and the requirements in Managed Google Play.

 

Figure 1. Approving the Microsoft Teams app permissions and requirements in the Managed Google Play app store.Figure 1. Approving the Microsoft Teams app permissions and requirements in the Managed Google Play app store.

 

Figure 2. Approving the Microsoft Teams app permissions and requirements in the Managed Google Play app store.Figure 2. Approving the Microsoft Teams app permissions and requirements in the Managed Google Play app store.

 

Additionally, we need to decide how we'll handle permission changes. In our example, we choose to keep the app approved when it requests new permissions, and then select Done to confirm.

 

Figure 3. Approving the Microsoft Teams app permissions and requirement changes in the Managed Google Play app store.Figure 3. Approving the Microsoft Teams app permissions and requirement changes in the Managed Google Play app store.

 

Next, we repeat these same steps to add the Managed Home Screen app.

 

Create app assignments

Once we’ve added both apps (marked in red in the following image), we need to create assignments in Intune to install them on your devices. In contrast, the Microsoft Authenticator and Microsoft Intune apps (marked in green) will be installed automatically during enrollment.

 

Example screenshot of the "All apps" blade in the Microsoft Endpoint Manager admin center with the Microsoft Home Screen, Authenticator, Intune, and Teams apps highlighted.Example screenshot of the "All apps" blade in the Microsoft Endpoint Manager admin center with the Microsoft Home Screen, Authenticator, Intune, and Teams apps highlighted.

 

We’ll walk through the steps to assign the Teams app to our device group. In the Microsoft Endpoint Manager admin center, we go to Apps > All apps and select the Microsoft Teams app. We select Properties and then next to Assignments, select Edit to get to the assignment settings.

 

Microsoft Teams properties example in the Microsoft Endpoint Manager admin center.Microsoft Teams properties example in the Microsoft Endpoint Manager admin center.

 

Under Required, we select Add Group and then select the group we previously created for the Galaxy XCover Pro devices, "A_SM_XCover_MU".  We select Review + save to finish the assignment.

 

Adding a new "Required" group for the Microsoft Teams app in the Microsoft Endpoint Manager admin center.Adding a new "Required" group for the Microsoft Teams app in the Microsoft Endpoint Manager admin center.

 

Finally, we repeat these steps to assign the Managed Home Screen app to same device group.

 

Create an app configuration policy

We need to create a new app configuration policy to set up Managed Home Screen specifics.

 

In the Microsoft Endpoint Manager admin center, we go to Apps > App configuration policies and select Add > Managed devices. We name the policy "A_SM_XCover_MU_MHS_Config" and select the platform Android Enterprise and the profile type Fully Managed, Dedicated, and Corporate-Owned Work Profile Only. For the targeted app, we select Managed Home Screen from the Associated app tab.

 

Creating a new app configuration policy for the Managed Home Screen in the Microsoft Endpoint Manager admin center.Creating a new app configuration policy for the Managed Home Screen in the Microsoft Endpoint Manager admin center.

 

We can use the configuration designer to search for and add specific values we want to configure.

 

Using the configuration designer to search for and add specific values for the Managed Home Screen in the Microsoft Endpoint Manager admin center.Using the configuration designer to search for and add specific values for the Managed Home Screen in the Microsoft Endpoint Manager admin center.

 

We added the settings Enable Sign in, to require Azure AD users to sign in, and Enable Session PIN, which is a device PIN that is valid until the session is closed and the user logs off. We added wallpaper settings as additional values, however these are not necessary for this example.

 

Enabling the "Enable Sign in" and "Enable Session PIN" settings under a new app configuration policy for the Managed Home Screen in the Microsoft Endpoint Manager admin center.Enabling the "Enable Sign in" and "Enable Session PIN" settings under a new app configuration policy for the Managed Home Screen in the Microsoft Endpoint Manager admin center.

 

In Assignments, we assign the policy to the device group we created earlier.

 

Assigning a new group to include and assign to the new app configuration policy.Assigning a new group to include and assign to the new app configuration policy.

 

Create a device configuration profile

The next activity is to configure the kiosk settings for the devices. To do this, we need to create a device configuration profile. We go to Devices > Configuration profiles > Create profile. We select Android Enterprise as the platform and Device restrictions as profile type.

 

Creating a new Android Enterprise device restriction profile in the Microsoft Endpoint Manager admin center.Creating a new Android Enterprise device restriction profile in the Microsoft Endpoint Manager admin center.

 

In the Basics tab, we name the profile "A_SM_XCover_MU_MHS_Kiosk_Config" and add a short description, which is optional.

 

Creating a new Android Enterprise device restriction profile in the Microsoft Endpoint Manager admin center.Creating a new Android Enterprise device restriction profile in the Microsoft Endpoint Manager admin center.

 

In the Configuration settings tab, we select Dedicated device as the enrollment profile type. For Kiosk mode settings, we choose Multi-app to configure our device to allow more than one app on the screen.

 

Android Enterprise > Device restriction > Configuration settings example with the "Dedicated device" and "Multi-app" settings highlighted.Android Enterprise > Device restriction > Configuration settings example with the "Dedicated device" and "Multi-app" settings highlighted.

 

With a custom layout, we can pick the format that suits our multi-app device best. To do this, we enable the Custom app layout setting and choose a grid size of 3x4 for our example.

 

Android Enterprise > Device restriction profile with the Custom app layout > "Enable" and "Grid size" options highlighted.Android Enterprise > Device restriction profile with the Custom app layout > "Enable" and "Grid size" options highlighted.

 

The next step is to specify where the apps should appear. We add the Teams app to a grid location.

 

Configuration example of adding the Microsoft Teams app to a grid location under an Android Enterprise > Device restriction profile.Configuration example of adding the Microsoft Teams app to a grid location under an Android Enterprise > Device restriction profile.

 

Next, we continue to the Assignments tab to assign the device restrictions to the Galaxy XCover Pro device group, as we did in previous sections. Then we review and create the new profile.

 

Create an OEMConfig profile

The last policy definition in Intune we need is an OEMConfig policy to assign Teams PTT functionality to the hardware button of the Samsung XCover Pro device.

 

Microsoft Teams PTT functionality highlighting the location of the hardware button on a Samsung XCover Pro device.Microsoft Teams PTT functionality highlighting the location of the hardware button on a Samsung XCover Pro device.

(Source: How to use Microsoft Teams Walkie Talkie on your Galaxy XCover Pro | (samsung.com)).

 

First, we need to create an OEMConfig profile in Intune. To get started, we create a new configuration profile for the Android Enterprise platform and type OEMConfig.

 

Creating a new Android Enterprise OEMConfig profile in the Microsoft Endpoint Manager admin center.Creating a new Android Enterprise OEMConfig profile in the Microsoft Endpoint Manager admin center.

 

Next, we name the new profile "A_SM_XCover_MU_PTT" and add an optional description. To process the OEMConfig settings, we choose the Knox Service Plugin as our OEMConfig app.

 

New OEMConfig profile targeting the "Knox Service Plugin" as the "OEMConfig app".New OEMConfig profile targeting the "Knox Service Plugin" as the "OEMConfig app".

 

Now we can edit the relevant OEMConfig setting in the configuration designer. We set Enable device policy controls to true.

 

Editing the relevant OEMConfig settings in the configuration designer with the "Enable device policy controls" highlighted.Editing the relevant OEMConfig settings in the configuration designer with the "Enable device policy controls" highlighted.

 

Next, we define a profile name within the Knox Service Plugin, "PTT Config for MS Teams", and add our KPE Premium license key. We select Configure to see additional, device-wide settings.

 

Note: Alternatively, you can use the Locate search link to find settings quicker.

 

Configuring the relevant Knox Service Plugins in the configuration designer.Configuring the relevant Knox Service Plugins in the configuration designer.

 

Next to the Device key Mapping option, we select Configure.

 

Device Key Mapping setting with the "Configure" option highlighted.Device Key Mapping setting with the "Configure" option highlighted.

 

In the device Device Key Mapping section, we configure three parameters. First, Enable Key Mapping must be set to true. The second setting, Enable XCover/Active Key Mapping for Microsoft Teams, also must be set true to link Teams to the hardware button. And lastly, Enable Key Mapping to Launch applications must be set to false (to disable this feature).

 

Knox Service Plugin settings with the Enable: Key Mapping, XCover/Active Key Mapping for Microsoft Teams, and Key Mapping to Launch applications settings highlighted.Knox Service Plugin settings with the Enable: Key Mapping, XCover/Active Key Mapping for Microsoft Teams, and Key Mapping to Launch applications settings highlighted.

For information on using the Knox Service Plugin to map the XCover Pro key to Teams, see Microsoft Intune: Map key for Walkie Talkie | (samsungknox.com).

 

In the Assignments tab, we assign this profile to the device group as we did in earlier sections.  We have configured everything we needed in Intune. Now we will continue to our Teams configuration.

 

Add the Walkie Talkie app

The Walkie Talkie function is not enabled by default in Microsoft Teams. To enable it for your users, you need to use the admin center. You'll need a Teams policy that targets the right group of users, e.g., all frontline workers (your company might have an existing Teams policy you can use). To add the Walkie Talkie function, you add the app (Add apps) to the policy. Then, pin app for easier discovery.

 

Screenshot of the Microsoft Teams admin center with the Installed apps > Add pinned apps screen highlighted around the Walkie Talkie app.Screenshot of the Microsoft Teams admin center with the Installed apps > Add pinned apps screen highlighted around the Walkie Talkie app.

 

When the user logs on to the device and starts Teams, they see a list of channels to choose from. When the user starts the Walkie Talkie app, they select the channel they want to use. After that, the user can either push the Walkie Talkie button in the app or the hardware button on the XCover Pro device.

 

Example flow of when a user logs into Microsoft Teams and selecting a Teams channel to use.Example flow of when a user logs into Microsoft Teams and selecting a Teams channel to use.

 

Note: If the Walkie Talkie app is assigned to the hardware button, users can communicate with Walkie Talkie even if the device screen is off.

 

The following video shows the use of a dedicated device with Walkie Talkie enabled.

 

 

Now that you have a better understanding of how to enable Microsoft Teams Walkie Talkie on Galaxy XCover Pro devices in Microsoft Intune, you can help your company take advantage of this convenient technology. If you have any questions, reply to this post or reach out to @IntuneSuppTeam on Twitter.

Posted at https://sl.advdat.com/31CLt74