Update Your Phones (Soon!)

Posted on April 30, 2019 by Richard Brynteson in Skype for Business

Update

UPDATE: Action has now been pushed back to January 15, 2020 to give organizations more time.

Announcement

On Thursday of last week, Microsoft dropped a post on the Tech Communities page with pretty much no context. Here is the announcement:

To provide our customers with best-in-class security across our services, Microsoft is implementing the use of Microsoft Identity Platform 2.0 (an evolution of the Azure Active Directory identity service) which uses the OAuth 2.0 authorization protocol. OAuth 2.0 is a method through which a third-party app can access web-hosted resources on behalf of a user, through a third-party application ID.

Effective immediately, Microsoft requires all IP Phone partners with Skype for Business certified IP Phones to use Azure AD tenant specific third-party application ID.

As a result of this change, Skype for Business IP Phone partners have made a code change to use partner specific application ID. When deployed, the customer tenant admin will be required to confirm consent to allow the third-party phone application to be granted the necessary permissions (the same permissions currently being used by Skype for Business IP Phones).

What Does This Mean

Anytime you have the words "effective immediately" in a blog post about a customer's enterprise environment, that will get some people's attention. What is happening under the hood is that each phone provider now has to use its own App ID for approval into your O365 environment. Today, phones use an internal App ID that Microsoft gave to phone vendors to embed in their 3PIP phones so they could get access to services. Users of course still had to supply a username and password, but that App ID was hiding under there.

So now each vendor will have its own App ID.

When you click on the link, you approve that vendor's App ID into your O365 tenant. Tom has some cool screenshots of this along with a few FAQs on it. One thing I wanted to add to the list is a table, because I think it makes it easier to understand what I need to do.

| Deployment Type | User Homed | Impact Statement |
| --- | --- | --- |
| Teams / SfB 3PIP phones using Cloud Interop Gateway | Online | All phones must be updated by July 1st and tenant admins must have approved phone partner's App ID |
| SfB Online | Online | All phones must be updated by July 1st and tenant admins must have approved phone partner's App ID |
| SfB On-Premises with Modern Auth Enabled | Online or On-Premises | All phones must be updated by July 1st and tenant admins must have approved phone partner's App ID |
| SfB On-Premises WITHOUT Modern Auth Enabled | Online | All phones must be updated by July 1st and tenant admins must have approved phone partner's App ID |
| SfB On-Premises WITHOUT Modern Auth Enabled | On-Premises | No Impact |
| SfB No Hybrid | On-Premises | No Impact |

IP Phone vendors are working hard to get firmware updated that will allow their phones to play nice with this new security model.
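
One way for a tenant admin to check, after approving a vendor's App ID, which vendor apps exist in the tenant and which delegated permissions they actually hold. This is an added example, not from the original post or from Microsoft; it assumes the AzureAD PowerShell module with an existing `Connect-AzureAD` session, and the vendor names and App IDs are placeholders to replace with the IDs your phone vendors publish.

```powershell
# Added example: audit tenant-wide consent for IP phone vendor applications.
# Assumes the AzureAD module is installed and Connect-AzureAD has been run.
# Vendor names and App IDs are placeholders, not real vendor values.
$vendorApps = @{
    'Vendor A (placeholder)' = '00000000-0000-0000-0000-000000000001'
    'Vendor B (placeholder)' = '00000000-0000-0000-0000-000000000002'
}

# Fetch all delegated permission grants once and reuse them for every vendor.
$grants = Get-AzureADOAuth2PermissionGrant -All $true

$report = foreach ($vendor in $vendorApps.GetEnumerator()) {
    # The vendor app gets a service principal in the tenant once it is consented to.
    $sp = Get-AzureADServicePrincipal -Filter "appId eq '$($vendor.Value)'"
    if (-not $sp) {
        [pscustomobject]@{
            Vendor = $vendor.Key; AppId = $vendor.Value
            Status = 'Not present in tenant'; Scopes = ''
        }
        continue
    }

    # Admin (tenant-wide) consent appears as a grant with ConsentType 'AllPrincipals'.
    $adminGrants = @($grants | Where-Object {
        $_.ClientId -eq $sp.ObjectId -and $_.ConsentType -eq 'AllPrincipals'
    })

    # Resolve each granted resource to a display name so the scopes can be reviewed.
    $scopes = foreach ($g in $adminGrants) {
        $resource = Get-AzureADServicePrincipal -ObjectId $g.ResourceId
        '{0}: {1}' -f $resource.DisplayName, $g.Scope.Trim()
    }

    $status = 'Present, no tenant-wide grant'
    if ($adminGrants.Count -gt 0) { $status = 'Admin consent granted' }

    [pscustomobject]@{
        Vendor = $vendor.Key; AppId = $vendor.Value
        Status = $status; Scopes = ($scopes -join '; ')
    }
}

$report | Format-Table -AutoSize -Wrap
```

Review the `Scopes` column against what the vendor documents for its phones, and re-run the check after each firmware rollout to confirm that only the vendors you deploy have been approved.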


Copyright © TheArgyleMVP 2020.