Security is one of the most important aspects within Information Technology. As technology advances so do the requirements for a robust security system to prevent breaches and threats to your data. To combat this, Microsoft will be implementing Microsoft Identity Platform 2.0 which will utilize OAuth 2.0. In this article we’ll be discussing this latest evolution to Microsoft’s Azure Active Directory identity service and show you how to prepare for this change in your environment.
What is OAuth 2.0?
Simply put, OAuth 2.0 is an authorization protocol that supersedes the original OAuth protocol. OAuth 2.0 provides authorization flows for web applications, desktop applications, mobile phones, and living room devices. OAuth 2.0 will use a method by which you can access web-hosted resources on behalf of a user via a third-party application ID. That’s great to hear… but how would this impact your Skype for Business environment? Great question! This comes into play for Skype for Business when you have 3PIP phones . 3PIP is short for 3rd party IP, meaning Skype for Business certified IP phones such as AudioCodes, Crestron, Polycom, and Yealink.
Who does this affect?
This update to the 3PIP firmware will only be required if you fall under one of these 2 scenarios:
- You have a strictly Skype for Business Online environment
- Skype for Business hybrid w/ Modern Auth enabled
Who isn’t affected?
This update to the 3PIP firmware will NOT be required if you fall under one of these 2 scenarios:
- Skype for Business on-premises (no hybrid)
- Skype for Business hybrid w/ Moden Auth disabled
How do I update my 3PIP firmware?
The 3PIP manufacturers have made a code change to embed the application ID into their firmware. Each manufacturer will have a different application ID, so this means if you have multiple types of 3PIP phones in your environment then you will have to update the firmware with the new application ID for each phone manufacturer. Each vendor “application ID” needs approval by a tenant admin before phones with that ID/from that 3PIP manufacturer will be able to sign into your tenant. This means the approval must be completed before you move to this updated firmware(s).
Where do I go for this approval process?
Fear not, Tom Talks has included the links to the application ID for each vendor (Yealink link coming soon)!
- Polycom approval URL (thanks to Adam Jacobs from Poly’s blog)
- Crestron approval URL (thanks to Crestron)
- AudioCodes approval URL (thanks AudioCodes)
- Yealink approval URL (thanks Lewis Lin of Yealink)
We take you through 10 best practices, considerations, and suggestions that can enrich your Microsoft Teams deployment and ensure both end-user adoption and engagement.
Once you navigate to the corresponding 3PIP manufacturers link, you’ll be prompted with the following:
In the image above you’ll see a breakdown of the things that the 3PIP manufacturer will need your permissions to access. Once the permissions have been granted you’ll see something informing you that the approval has been properly consented to. You will need to grant these permissions once per 3PIP manufacturer which will cover all models of that specific manufacturer (i.e. once for AudioCodes, once for Crestron, once for Polycom, and once for Yealink).
Note: Granting the required permissions for the 3PIP phones grants no additional functionality than what the 3PIP phones already have in your environment today.
To confirm that the permissions have been granted for the specific 3PIP firmware update, you can hop on over to Azure AD admin center > Enterprise Applications > All Applications > Look for the 3PIP application ID.
What firmware version will I need to update to?
At this time, I only have the Polycom firmware versions but will be updating this article as other manufacturer firmware version details are released.
|Device name||Software Version||Timeline|
|Poly Trio||5.9.0 Rev AB||Mid-May|
What is the deadline?
Luckily you still have more than a month to get this in place. As long as you act before July 1st, 2019, then you won’t have any issues signing your 3PIP phones into Skype for Business Online. I will update this article with any news released on this topic as it becomes available. I hope you have found this helpful and if you want to check out the official Microsoft documentation on this topic, you can do so here.