Microsoft Teams Shared Device / Common Area Phone Configuration
This article provides guidance for configuring Microsoft Teams Shared Device phones (also known as Common Area Phones) in accordance with Microsoft-recommended authentication and deployment best practices. It is intended for lobby phones, warehouse phones, breakroom phones, and other shared spaces where a device is not assigned to an individual user.
This guidance is based on Microsoft Learn documentation and reflects current platform behavior and limitations.
What Is a Shared Device (Common Area) Phone?
A Shared Device Phone is a Microsoft Teams–certified phone placed in a shared space and signed in using a dedicated account that is not tied to a specific user. These devices are designed for walk-up calling scenarios and do not provide a full user experience such as calendars or personal chat history.
Common area phones:
- Are signed in with a User Account
- Use the Microsoft Teams Shared Devices license
- Support inbound and outbound calling
- Do not support calendar visibility or one‑touch meeting join by design
Microsoft recommends common area phones for shared environments such as lobbies, warehouses, reception desks, and hallways.
Supported Licensing
Each common area phone requires:
- Microsoft Teams Shared Devices license
- Includes Teams Phone functionality
- Does not require an additional Teams Phone Standard license
Note: The Shared Devices license is the modern replacement for the legacy "Common Area Phone" license name.
If calendar visibility or one‑touch meeting join is required, Microsoft recommends using a Teams Rooms system with a Teams Rooms license instead, or a full user license.
Authentication & Security Best Practices
Microsoft explicitly differentiates shared device authentication from personal user authentication. Applying personal-user security controls to shared devices frequently results in sign‑in failures.
Key Recommendations
- Use a dedicated Account for each phone
- Manually set a strong password for the account
- Exclude shared device accounts from password expiration policies
- Exclude shared device accounts from interactive MFA requirements
- Avoid applying personal-device Conditional Access policies to shared devices
Shared devices cannot complete MFA challenges and do not have a user available to reset expired passwords, which can leave devices signed out and unusable until manually recovered by an administrator.
Microsoft recommends grouping all Teams phone resource accounts into a dedicated Entra ID group to simplify Conditional Access exclusions.
Deployment Overview
Microsoft defines the following high‑level deployment process for common area phones:
- Purchase Teams Shared Devices licenses
- Create a user account for each device
- Assign the Teams Shared Devices license
- Configure Teams IP Phone policies
- Assign a phone number
- Sign in on the physical device
Each of these steps is summarized below.
Step 1: Create the Resource Account
Create a new account in Microsoft 365 for each common area phone.
Microsoft guidance:
- Create the account as a standard user object
- Use a descriptive name such as
Main Lobby PhoneorWarehouse Phone - Manually set the password
- Do not require password change at first sign‑in
Manually setting the password prevents unexpected sign‑out events and aligns with shared-device authentication requirements.
Step 2: Assign Licensing
Assign the following license to the resource account:
- Microsoft Teams Shared Devices
When this license is assigned:
- Teams Phone functionality is included
- No additional Phone System license is required
Calling Plans or Operator Connect services may still be required depending on how PSTN service is provided.
Step 3: Configure Teams IP Phone Policy
Common area phones should use a Common Area Phone sign‑in mode to limit functionality and prevent personal-user features.
Microsoft supports configuring this behavior using the Teams IP Phone Policy, which controls:
- Sign‑in mode
- Directory access
- Home screen access
- Hot desking behavior
This policy ensures the phone presents a simplified interface appropriate for shared use.
Step 4: Assign Phone Numbers
After licensing and policy assignment:
- Assign a phone number to the resource account
- The number may be provided CallTower Operator Connect, or CallTower Direct Routing
Once assigned, the phone will be able to place and receive PSTN calls.
Step 5: Sign In on the Device
On the physical Teams phone:
- Power on the device
- Select Sign in
- Enter the resource account credentials
- Complete initial device provisioning
After sign‑in, the phone will display the common area phone interface.
Known Limitations (Working as Designed)
The following behaviors are expected and by design when using the Teams Shared Devices license:
- No calendar or meeting list
- No one‑touch meeting join
- No personal chat history
- No personal Teams app experience
These limitations are intentional and are not defects. Organizations requiring meeting room experiences should deploy Teams Rooms devices instead.
Troubleshooting Sign‑In Issues
Most sign‑in failures on common area phones are caused by:
- Password expiration
- MFA enforcement
- Conditional Access policies applied to shared accounts
Review Conditional Access exclusions and password policies first when troubleshooting authentication issues.
References
- Authentication best practices for Teams phones (Microsoft Learn)
- Set up common area phones for Microsoft Teams (Microsoft Learn)
These articles define Microsoft’s supported configuration model and should be referenced for the latest platform updates.