Microsoft Online Device Registration with OAuth 2.0 via 3rd party Azure application ID
Yesterday Microsoft published a blog article, which announced their plans to revoke support for the existing Azure application ID leveraged by their 3rd party device vendors.
The existing application ID is embedded within each respective device firmware and today this is pointed at an Azure application hosted within Microsoft’s tenant. Microsoft’s goal here is for each respective device vendor to deploy their own Azure application with the permissions required for the device to register to Azure Active Directory.
The change from a device standpoint is a simple one and speaking from a Poly perspective, my employer, we’ve tested this across our VVX, Trio and Group Series lines of product. However…once this change is implemented within our firmware it requires that the customer or specifically the customer’s administrator, performs a tenant-wide consent as our Azure application is not whitelisted like Microsoft’s.
This consent would grant the Poly Azure application with the rights required to perform authentication on behalf of the device against the respective customer’s Azure Active Directory.
Full list of rights can be seen below:
I will update this post as soon as Poly have a date for each respective device firmware, but rest assured our friends at Microsoft won’t pull the plug on the existing application ID until this transition is completed.
In the meantime for those that want to be ahead of the curve the Poly consent URL is here.
Timelines for updates below, please note these are targets and could be subject to change. Also note: prior to upgrading to these releases online customers must perform the consent via the URL above.
Hi,
thank you for your very useful article, much appreciated!
Can you share the current application id used by these devices?
And what functionality is lost if we do not want to grant this consent due to security concerns?
The current App ID is Microsoft’s once the update is completed to a version that defaults to Poly’s App ID consent is required or any O365 services will not longer function.
Hey, if SfB is auto downgrading VVX401 to UC Software Version: 5.6.0.17325. yet,
Latest MS certified version is: 5.9.0.9373
How does one get SfB to provide latest certified version to prevent auto downgrading to legacy firmware version?
will need to know this for ver. 5.9.3 when it comes out too
You can turn off device update via PowerShell. Refer to the EnableDeviceUpdate parameter, explained in more detail here
I noticed the Application ID has changed the old App ID doesn’t work and the new one goes to RealConnect any reason why?
Hi Daniel, we had some reports from customers that there was not a confirmation (reply URL) when performing the consent. Temporarily we’re using the consent response for our RealConnect Service. This will likely get updated again with a different URL soon. The consent however is still the same and for existing folks that have run this they do not need to repeat this process.
– Adam
Thank you Adam
5.9.4 was released yesterday and can be downloaded from with the RM tool or directly from the web.
Go here and then scroll down and select the 5.9.4.3247 link.
https://support.polycom.com/content/support/north-america/usa/en/support/voice/business-media-phones/vvx601.html