OAuth 2.0 and third-party application ID

This post has been republished via RSS; it originally appeared at: Skype for Business Blog articles.

To provide our customers with best-in-class security across our services, Microsoft is implementing the use of Microsoft Identity Platform 2.0 (an evolution of the Azure Active Directory identity service), which uses the OAuth 2.0 authorization protocol. OAuth 2.0 is a method through which a third-party app can access web-hosted resources on behalf of a user, through a third-party application ID.

 

This change only impacts Skype for Business IP Phones certified under 3PIP program.

 

| Deployment Type | Impact Statement |
| --- | --- |
| Skype for Business Online | All phones must be updated by July 1st and tenant admins must have approved the phone partner's App ID using the consent URL |
| Skype for Business On-Premises Hybrid (With Modern Auth Deployed) | All phones must be updated by July 1st and tenant admins must have approved the phone partner's App ID using the consent URL |
| Skype for Business On-Premises Hybrid (No Modern Auth) | No Impact |
| Skype for Business On-Premises No Hybrid | No Impact |

 

As a result of this change, Skype for Business IP Phone partners have made a code change to embed the partner-specific application ID in their firmware. The customer tenant admin will be required to confirm consent to allow the third-party phone application to be granted the necessary permissions (the same permissions currently being used by Skype for Business IP Phones).

 

[Image: consent permissions.png]

 

Skype for Business IP Phone partners will provide customers with a partner-specific consent URL. The customer admin will need to perform a one-time, tenant-wide (all users) consent per IP Phone partner (i.e., one consent URL for Yealink, one consent URL for Crestron, etc.).

 

Microsoft IP Phone partners will post additional information via their own communication channels, including the firmware version that includes the necessary changes.

 

This change requires customers to perform a two-step process:

Step 1: Accept permissions request using the consent URL (can be done at any time)

Step 2: Upgrade all impacted phones to the firmware version communicated by the Microsoft IP Phone partners
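Before an admin opens a partner-supplied consent URL in Step 1, the URL can be checked against the App ID the partner has published. The following is an added example, not code from the original post or from Microsoft; it assumes the URL targets the Azure AD admin consent endpoint on login.microsoftonline.com (a shape this post does not state), and the function name, App ID and partner.example URLs are constructed placeholders.

```python
import re
import uuid
from urllib.parse import urlsplit, parse_qs

# Assumption: global Azure AD sign-in host; sovereign clouds use other hosts.
TRUSTED_HOST = "login.microsoftonline.com"
# Admin consent endpoint forms: /{tenant}/adminconsent and /{tenant}/v2.0/adminconsent
CONSENT_PATH = re.compile(r"^/[A-Za-z0-9.\-]+/(v2\.0/)?adminconsent$")


def check_consent_url(url, expected_app_id):
    """Return the problems found in a consent URL (empty list means it passed)."""
    expected = uuid.UUID(expected_app_id)  # raises ValueError on a malformed App ID
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Compare the whole authority, so user@host and host:port forms are rejected too.
    if parts.netloc.lower() != TRUSTED_HOST:
        problems.append("host is not exactly " + TRUSTED_HOST)
    if not CONSENT_PATH.match(parts.path):
        problems.append("path is not an admin consent endpoint")
    query = parse_qs(parts.query)
    ids = query.get("client_id", [])
    if len(ids) != 1:
        problems.append("client_id must appear exactly once")
    else:
        try:
            if uuid.UUID(ids[0]) != expected:
                problems.append("client_id differs from the partner's published App ID")
        except ValueError:
            problems.append("client_id is not a GUID")
    for target in query.get("redirect_uri", []):
        if urlsplit(target).scheme != "https":
            problems.append("redirect_uri is not https")
    return problems


# Constructed sample values (not real partner identifiers).
PARTNER_APP_ID = "11111111-2222-3333-4444-555555555555"
QUERY = "?client_id=" + PARTNER_APP_ID + "&redirect_uri=https%3A%2F%2Fpartner.example%2Fdone"
GOOD_URL = "https://login.microsoftonline.com/common/adminconsent" + QUERY
WRONG_HOST_URL = "https://login.microsoftonline.com.partner.example/common/adminconsent" + QUERY

if __name__ == "__main__":
    for sample in (GOOD_URL, WRONG_HOST_URL):
        print(sample, "->", check_consent_url(sample, PARTNER_APP_ID) or "OK")
```

An empty result only means the URL has the expected shape and App ID; the permissions shown on the consent screen still need to be reviewed before accepting.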

 

All certified Skype for Business IP phones must be updated by July 1st, 2019. Without the update, authentication to Microsoft services on IP Phones will fail. Specifically, signing in to the device via web or using a user name/password on the phone will fail. Customers are encouraged to work with their certified Skype for Business IP Phone provider to make the update before the deadline.
