Firmware Updates for Continued Exchange Sign in to Office 365 // SfB and Teams Certified IP Phones
Microsoft is requiring third-party applications to be given permission to access the various services within Office 365. Today all certified phones/devices use the same single Azure application ID, which is used as part of the process for signing into Office 365. Microsoft is moving to an authentication model where each third-party phone/device vendor will have a unique vendor application ID. Each vendor's Enterprise Application ID needs approval by a tenant admin before that vendor's phones will be able to sign into your tenant.
This means the approval must be completed before you move to these updated firmware versions.
For your reference, here is the Official Microsoft Article: https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/OAuth-2-0-and-third-party-application-ID/ba-p/482876
We have found this to be the best source for additional information: https://tomtalks.blog/2019/04/all-skype-for-business-ip-phones-must-be-firmware-updated-by-july-1st-2019-to-continue-to-sign-into-office-365/
WHAT DO I NEED TO DO NOW?
Approval involves clicking a link provided by the vendor and accepting the agreement it presents.
Below is information by Vendor and Approval URLs:
YEALINK
- Yealink Information: https://www.yealink.com/news_187.html
- Yealink approval URL: https://login.microsoftonline.com/common/adminconsent?client_id=f1faadeb-88b3-4852-8138-3b9e23b24619
POLYCOM
- Polycom Information: https://support.polycom.com/content/dam/polycom-support/products/voice/polycom-uc/other-documents/en/2019/microsoft-online-registration-azure-application-id.pdf
- Polycom approval URL: https://login.microsoftonline.com/common/adminconsent?client_id=a850aaae-d5a5-4e82-877c-ce54ff916282&redirect_uri=https://dialin.plcm.vc/teams/postconsent.html
CRESTRON (not supported by CallTower)
- Crestron Information: https://support.crestron.com/app/answers/answer_view/a_id/1000349
- Crestron approval URL: https://login.microsoftonline.com/common/adminconsent?client_id=79de0e1a-a797-4c17-abe8-bff3debd8d23
AUDIOCODES (not supported by CallTower)
- AudioCodes Information: https://online.audiocodes.com/oauth-2-0-appid
- AudioCodes approval URL: https://login.microsoftonline.com/common/adminconsent?client_id=da7b5888-f76d-4244-9688-afac90a03d49
PLEASE NOTE: The current vendor approval URL for Yealink does not contain a redirect URI (Uniform Resource Identifier), so after the approval it redirects to a default localhost URI, which does not work. You can ignore this error. To confirm the approval worked, check your Azure Dashboard under Enterprise Applications and look for "Yealink - Skype for Business Certified Phone".
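A tenant admin can check an approval link against the vendor list above before opening it, since granting admin consent to the wrong application ID gives that application access to the tenant. The following Python check is an added example, not code from CallTower, Microsoft or the phone vendors; the function name check_consent_url and the LOOKALIKE_URL sample are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Application IDs copied from the vendor approval URLs listed on this page.
VENDOR_APP_IDS = {
    "f1faadeb-88b3-4852-8138-3b9e23b24619": "Yealink",
    "a850aaae-d5a5-4e82-877c-ce54ff916282": "Polycom",
    "79de0e1a-a797-4c17-abe8-bff3debd8d23": "Crestron",
    "da7b5888-f76d-4244-9688-afac90a03d49": "AudioCodes",
}
BASE = "https://login.microsoftonline.com/common/adminconsent?client_id="
YEALINK_URL = BASE + "f1faadeb-88b3-4852-8138-3b9e23b24619"
POLYCOM_URL = (BASE + "a850aaae-d5a5-4e82-877c-ce54ff916282"
               "&redirect_uri=https://dialin.plcm.vc/teams/postconsent.html")
# Constructed sample: a link whose host only resembles the Microsoft endpoint.
LOOKALIKE_URL = YEALINK_URL.replace(".com/", ".com.example.invalid/", 1)

def check_consent_url(url):
    """Return (vendor, redirect_host, problems) for an admin-consent link."""
    parts = urlsplit(url.strip())
    query = parse_qs(parts.query)
    problems = []
    # The consent page must be Microsoft's own endpoint, reached over TLS.
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.hostname != "login.microsoftonline.com":
        problems.append("unexpected host: %s" % parts.hostname)
    if parts.path != "/common/adminconsent":
        problems.append("unexpected path: %s" % parts.path)
    # Exactly one client_id, and it must be one of the listed vendor IDs.
    vendor = None
    client_ids = query.get("client_id", [])
    if len(client_ids) != 1:
        problems.append("expected exactly one client_id")
    else:
        vendor = VENDOR_APP_IDS.get(client_ids[0].lower())
        if vendor is None:
            problems.append("client_id is not a listed vendor ID")
    # redirect_uri is optional (the Yealink link has none); when present it
    # should be a single https URL whose host the admin can review.
    redirect_host = None
    redirects = query.get("redirect_uri", [])
    if len(redirects) > 1:
        problems.append("more than one redirect_uri")
    elif redirects:
        target = urlsplit(redirects[0])
        redirect_host = target.hostname
        if target.scheme != "https":
            problems.append("redirect_uri is not https")
    return vendor, redirect_host, problems
```

A link that returns an empty problems list still needs the follow-up check under Enterprise Applications described above, because this only inspects the URL and not what the tenant actually granted.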
WHEN WILL CALLTOWER UPDATE SUPPORTED DEVICE FIRMWARE?
We will be updating our Provisioning Servers during the July 19, 2019, scheduled Maintenance Window with the following versions of firmware to support these changes:
POLYCOM PHONES
Polycom has not yet included the OAuth changes in their firmware; however, we are bringing the version to the current branch and getting the approval URLs out early so that when Polycom releases the fixes (~Q4 2019) we will be able to push the latest version of firmware (most likely 5.9.4 for VVX and 5.9.1 for Trio) with the lowest possible impact, due to the requirement to update BTOE from our previously supported version.
- Polycom Downloads: https://support.polycom.com/content/support/cala/cala/en/support/voice/polycom-uc/polycom-uc-software-release.html
IMPORTANT NOTE IF YOU USE BTOE: Polycom VVX Phones will be updated to 5.9.3.2857, which will also require an updated BTOE version of 4.0.0.0. This updated version of BTOE should not be installed until AFTER the phone has been updated to 5.9.3.2857 or later. If you update BTOE before the firmware, BTOE will cease to function until after the phone is also updated.
- BTOE Information: https://www.uc.solutions/Skype_for_Business/Phones/VVX_Series/Better_Together_Over_Ethernet
POLYCOM TRIO PHONES
Polycom Trio Phones will need to be updated to 5.9.0:
- Trio 8500: https://support.polycom.com/content/support/cala/cala/en/support/voice/polycom-trio/polycom-trio-8500.htm
- Trio 8800: https://support.polycom.com/content/support/cala/cala/en/support/voice/polycom-trio/polycom-trio-8800.html
Polycom CX Series phones will most likely cease to function with Office 365 in January 2020.
YEALINK PHONES
Yealink Phones will be updated from the following links:
- CP960 (73.8.0.35): http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=24
- T58A,T56A,T55A (55.9.0.14): http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=250
- T48S,T46S,T42S,T41S (66.9.0.80): http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=218
- T48G (35.8.0.81): http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=121
- T46G (28.8.0.81): http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=120
- T42G/T41P (29.8.0.81): http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=122
- T40P (54.8.1.65): http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=124
This does not affect Yealink T5 Series phones with the Teams firmware loaded.
FAQ SECTION
Question: What happens if an upgrade to respective firmware is not performed?
Answer: Effective January 15, 2020, when users attempt to sign in on devices that are not upgraded, authentication with Office 365 will fail.
Question: What happens if device firmware is upgraded without going through the Consent URL?
Answer: Impacted users will fail to sign in; tenant administrators are requested to perform the approval consent and retry the authentication.
Question: When should tenant administrators perform the consent?
Answer: Consent should be performed any time before upgrading the device firmware to avoid authentication failures.
Question: If a tenant Administrator performs consent from the provided URL prior to upgrading firmware, will users have any sign-in issues?
Answer: Users shall not have sign-in issues if tenant administrators accept the consent at the consent URL and then proceed with the device firmware upgrade.
Question: Are Lync phone edition devices (CX Range) impacted by this change?
Answer: Lync phones are out of support and end of life and will fail to sign-in to Office 365 due to lack of support for TLS 1.2.