All Skype for Business IP Phones must be firmware updated by... - Tom Talks Blog

15th May 2019 Update: The date has moved from July 1st 2019 to January 15, 2020.

12th January 2020 Update: The date has moved to 15th July 2020 – details here

If you have SfB Certified IP Phones (3PIP) from AudioCodes, Crestron, Polycom or Yealink signing into to Skype for Business Online (or Microsoft Teams via cloud interop), you will need to firmware update them and take one time tenant admin steps to approve each vendor's phones sign in to your Office 365 tenant (once per vendor) or they will fail to sign in after January 15, 2020.

Today all certified phones used the same single Azure application ID, which is used as part the process for signing into Office 365. Microsoft is moving authentication a model where each 3rd party phone vendor will each have a unique vendor application ID.

Each vendor will issue updated firmware with their application ID embedded.

Each vendor "app ID" needs approval by a tenant admin before phones with that ID/from that vendor will be able to sign in to your tenant. This means the approval must be completed before you move to this updated firmware(s).

Approval Process

Approval involves clicking a link each vendor will provide:

I will list them on this blog as they become available. The URL grants the following permissions

These permissions are no different from what the phones have today.

Each vendor will be providing specific details of which firmware has their new application ID in, and the above approval process will need to be completed before phones with that firmware will be able to sign in so this process will need to be carefully managed/synchronised.

You can see the application ID as approved in Azure AD

Firmware Versions

I will list the firmware versions as they are released. Today no vendors have GA firmware with their own app ID.

Polycom firmware versions with target dates (via Adam Jacobs)

Device name Software Version Timeline
VVX Phones 5.9.3 Mid-May
Poly Trio 5.9.0 Rev AB Mid-May
Group Series Mid-June


Series Model Version
T5X Desk Phone Series T58A and above
Conference Phone CP960 and above
T4XS Desk Phone Series T48S and above
T4XG Desk Phone Series T48G and above
T46G and above
T41P/T42G and above

Frequently Asked Questions

All answers to the best of my knowledge while the detail unfolds. Subscribe to the email updates to stay informed.

Does this affect phones connecting to Skype for Business Online?


Does this affect phones connecting to Skype for Business Server?

No, unless you specifically SfB server for oAuth sign in

Does this affect phones connecting to Skype for Business Server but using Exchange UM Online or Cloud Voicemail?

Yes, since they have to authenticate to Office 365, but awaiting confirmation

Does this affect SfB Online certified phones being used against Microsoft Teams via the Cloud Interop Gateway?


Will it be the same app/consent allow all phones of a specific vendor to connect? e.g. is this a one time action per phone vendor (or model)?

App consent is once per 3PIP vendor, so once for Poly, AudioCodes, Yealink and Crestron.

Will there be Office 365 message centre communications?


What about Lync Phone Edition?

LPE is out of support and end of life. They will shortly not sign into Office 365 due to TLS1.2/3DES, and this will also prevent them from signing in

Does this apply to Microsoft Teams (native) Phones?

No, Teams Phones run android and then a native Microsoft produced Teams app and uses native oauth and sign in.

The original Microsoft Blog Post

If you are interested, here are some snippets from the original Skype for Business Blog. Thanks to Tom Morgan for highlighting it on twitter.

To provide our customers with best-in-class security across our services, Microsoft is implementing the use of Microsoft Identity Platform 2.0 (an evolution of the Azure Active Directory identity service) which uses the OAuth 2.0 authorization protocol.

OAuth 2.0 is a method through which a third-party app can access web-hosted resources on behalf of a user, through a third-party application ID.

As result of this change, Skype for Business IP Phone partners have made a code change to use partner specific application ID. When deployed, the customer tenant admin will be required to confirm consent to allow the third-party phone application to be granted the necessary permissions (the same permissions currently being used by Skype for Business IP Phones).

All certified Skype for Business IP phones must be updated by July 1st, 2019. Without the update, successful authentication to Microsoft services on IP Phones will fail. Customers are encouraged to work with their certified Skype for Business IP Phone provider to make the update before the deadline.


Adblock test (Why?)


Popular posts from this blog

SIP Phones Explained - Telecom Reseller

Cyber Monday: The best software deals for charities - Charity Digital News

The toll-free way to bring in more customers - GeekWire