Enabling 3rd Party Azure AD Applications for Skype for Business Online Phones

Last Updated: 15/5/2019

Introduction

Microsoft have announced that from July 1st 2019 January 15th 2020, the shared Azure AD application/client that all 3PIP (3rd party) phones currently use will be revoked. Moving forward, each vendor will need to issue thier own specific Azure AD application. This means that if you have 3PIP phones that connect to Skype or Exchange Online you will be impacted.

Will I be impacted?

Here are the following 3PIP deployment scenarios (taken from a very helpful AudioCodes article) and wether any action is required:

Deployment Type Action Required
Skype for Business Online Yes
Skype for Business On-Premises Hybrid (with Modern Auth) Yes
Skype for Business On-Premises Hybrid (no Modern Auth) No
Skype for Business On-Premises No Hybrid No
Skype for Business On-Premises Hybrid (with Modern Auth) / Exchange Online Yes
Skype for Business On-Premises No Hybrid / Exchange Online Yes

Essentially, if you are using 3PIP phones with SfB Online, Exchange Online or SfB Hybrid with Modern Auth you will need to take action.

What do I need to do?

You will need to take the following actions before July 1st 2019:

Step 1 - Approve the vendor-specific Azure AD application ID(s) - if you have multiple vendors in use, you will need to repeat this step for each one. This is done by clicking on the vendor-specific consent URL and accepting it. Note: You will need to have Tenant Admin rights within Azure AD to provide consent

  1. Go to the approval link for the vendor:
| Vendor     | Approval Link                                                                                                                                                   |
| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Poly       | https://login.microsoftonline.com/common/adminconsent?client_id=a850aaae-d5a5-4e82-877c-ce54ff916282&redirect_uri=https://dialin.plcm.vc/teams/postconsent.html |
| AudioCodes | https://login.microsoftonline.com/common/adminconsent?client_id=da7b5888-f76d-4244-9688-afac90a03d49                                                            |
| Crestron   | https://login.microsoftonline.com/common/adminconsent?client_id=79de0e1a-a797-4c17-abe8-bff3debd8d23                                                            |
  1. Sign in with Tenant Admin account
  2. Approve the permissions that are required:

Step 2 - Upgrade the firmware of all impacted phones. See table below for minimum supported version:

Vendor Model Minimum Version
Poly VVX 5.9.3x - Due Mid May
Poly Trio 5.9.0 Rev AB - Due Mid May
Poly Group Series (VC) 6.2.1.1 - Due Mid June
AudioCodes 405HD 3.1.3-4* - Due End May, 3.2.1 - Due June**
AudioCodes 420HD 3.0.1 - Due June
AudioCodes 430HD 3.1.3-4* - Due End May, 3.2.1 - Due June**
AudioCodes 440HD 3.1.3-4* - Due End May, 3.2.1 - Due June**
AudioCodes 445HD 3.1.3-4* - Due End May, 3.2.1 - Due June**
AudioCodes 450HD 3.1.3-4* - Due End May, 3.2.1 - Due June**
AudioCodes HRS 3.1.3-4* - Due End May, 3.2.1 - Due June**
AudioCodes C450HD (SfB Mode) 3.2.1 - June**

* The default application/client ID is unchanged. However, you can change it to the new application ID via configuration

** The default application/client ID is changed to the new vendor-specific ID

Wrap Up

As long as the any affected 3PIP phones are identified and the steps above are put in place before July 1st January 15th 2020, you should be fine. As no firmware has been released so far, it’s hard to 100% say for sure.

I will attempt to keep this blog post up to date as vendors release more details and firmware.

Reference Articles

Adam Jacob’s (Poly) Article

Tom Arbuthnot’s Article

AudioCodes Article

Creston Article