New implementation timeline: June 30, 2022
To provide our customers with best-in-class security across our services, Microsoft is implementing the use of Microsoft Identity Platform 2.0 (an evolution of the Azure Active Directory identity service) which uses the OAuth 2.0 authorization protocol. OAuth 2.0 is a method through which a third-party app can access web-hosted resources on behalf of a user, through a third-party application ID.
This change only impacts Skype for Business IP Phones certified under 3PIP program.
Deployment Type |
Impact Statement |
Skype for Business Online |
All phones must be updated and tenant admins must have approved phone partners App ID using the consent URL |
Skype for Business On-Premises Hybrid (With Modern Auth Deployed) |
All phones must be updated and tenant admins must have approved phone partners App ID using the consent URL |
Skype for Business On-Premises Hybrid (No Modern Auth) |
No Impact |
Skype for Business On-Premises No Hybrid |
No Impact |
As result of this change, Skype for Business IP Phone partners have made a code change to embed the partner specific application ID in their firmware. The customer tenant admin will be required to confirm consent to allow the third-party phone application to be granted the necessary permissions (the same permissions currently being used by Skype for Business IP Phones).
Skype for Business IP Phone partners will provide customers with a partner specific consent URL. Customer admin will need to perform a one time, tenant wide (all users), consent per IP Phone partner (i.e. one consent URL for Yealink, one consent URL for Crestron, etc.)
Microsoft IP Phone partners will post additional information via their own communication channels, including the firmware version that includes the necessary changes.
This change requires customers to perform a 2 step process:
Step 1: Accept permissions request using the consent URL (can be done at any time)
Step 2: Upgrade all impacted phones to the firmware version communicated by the Microsoft IP Phone partners
All certified Skype for Business IP phones must be updated by July 15th, 2020 (originally January 15th, 2020). Without the update, successful authentication to Microsoft services on IP Phones will fail. Specifically, signing to the device via web or using a user name/password on the phone will fail. Customers are encouraged to work with their certified Skype for Business IP Phone provider to make the update before the deadline.