Enabling 3rd Party Azure AD Applications for Skype for Business Online Phones
Last Updated: 15/5/2019
Introduction
Microsoft have announced that from July 1st 2019 January 15th 2020, the shared Azure AD application/client that all 3PIP (3rd party) phones currently use will be revoked. Moving forward, each vendor will need to issue thier own specific Azure AD application. This means that if you have 3PIP phones that connect to Skype or Exchange Online you will be impacted.
Will I be impacted?
Here are the following 3PIP deployment scenarios (taken from a very helpful AudioCodes article) and wether any action is required:
| Deployment Type | Action Required |
|---|---|
| Skype for Business Online | Yes |
| Skype for Business On-Premises Hybrid (with Modern Auth) | Yes |
| Skype for Business On-Premises Hybrid (no Modern Auth) | No |
| Skype for Business On-Premises No Hybrid | No |
| Skype for Business On-Premises Hybrid (with Modern Auth) / Exchange Online | Yes |
| Skype for Business On-Premises No Hybrid / Exchange Online | Yes |
Essentially, if you are using 3PIP phones with SfB Online, Exchange Online or SfB Hybrid with Modern Auth you will need to take action.
What do I need to do?
You will need to take the following actions before July 1st 2019:
Step 1 - Approve the vendor-specific Azure AD application ID(s) - if you have multiple vendors in use, you will need to repeat this step for each one. This is done by clicking on the vendor-specific consent URL and accepting it. Note: You will need to have Tenant Admin rights within Azure AD to provide consent
- Go to the approval link for the vendor:
| Vendor | Approval Link |
| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Poly | https://login.microsoftonline.com/common/adminconsent?client_id=a850aaae-d5a5-4e82-877c-ce54ff916282&redirect_uri=https://dialin.plcm.vc/teams/postconsent.html |
| AudioCodes | https://login.microsoftonline.com/common/adminconsent?client_id=da7b5888-f76d-4244-9688-afac90a03d49 |
| Crestron | https://login.microsoftonline.com/common/adminconsent?client_id=79de0e1a-a797-4c17-abe8-bff3debd8d23 |
- Sign in with Tenant Admin account
- Approve the permissions that are required:
Step 2 - Upgrade the firmware of all impacted phones. See table below for minimum supported version:
| Vendor | Model | Minimum Version |
|---|---|---|
| Poly | VVX | 5.9.3x - Due Mid May |
| Poly | Trio | 5.9.0 Rev AB - Due Mid May |
| Poly | Group Series (VC) | 6.2.1.1 - Due Mid June |
| AudioCodes | 405HD | 3.1.3-4* - Due End May, 3.2.1 - Due June** |
| AudioCodes | 420HD | 3.0.1 - Due June |
| AudioCodes | 430HD | 3.1.3-4* - Due End May, 3.2.1 - Due June** |
| AudioCodes | 440HD | 3.1.3-4* - Due End May, 3.2.1 - Due June** |
| AudioCodes | 445HD | 3.1.3-4* - Due End May, 3.2.1 - Due June** |
| AudioCodes | 450HD | 3.1.3-4* - Due End May, 3.2.1 - Due June** |
| AudioCodes | HRS | 3.1.3-4* - Due End May, 3.2.1 - Due June** |
| AudioCodes | C450HD (SfB Mode) | 3.2.1 - June** |
* The default application/client ID is unchanged. However, you can change it to the new application ID via configuration
** The default application/client ID is changed to the new vendor-specific ID
Wrap Up
As long as the any affected 3PIP phones are identified and the steps above are put in place before July 1st January 15th 2020, you should be fine. As no firmware has been released so far, it’s hard to 100% say for sure.
I will attempt to keep this blog post up to date as vendors release more details and firmware.
