Microsoft Online Device Registration with OAuth 2.0 via 3rd party Azure application ID

April 26th, 2019 | Tags:

Yesterday Microsoft published a blog article, which announced their plans to revoke support for the existing Azure application ID leveraged by their 3rd party device vendors.

The existing application ID is embedded within each respective device firmware and today this is pointed at an Azure application hosted within Microsoft’s tenant. Microsoft’s goal here is for each respective device vendor to deploy their own Azure application with the permissions required for the device to register to Azure Active Directory.

The change from a device standpoint is a simple one and speaking from a Poly perspective, my employer, we’ve tested this across our VVX, Trio and Group Series lines of product. However…once this change is implemented within our firmware it requires that the customer or specifically the customer’s administrator, performs a tenant-wide consent as our Azure application is not whitelisted like Microsoft’s.

This consent would grant the Poly Azure application with the rights required to perform authentication on behalf of the device against the respective customer’s Azure Active Directory.

Full list of rights can be seen below:

I will update this post as soon as Poly have a date for each respective device firmware, but rest assured our friends at Microsoft won’t pull the plug on the existing application ID until this transition is completed.

In the meantime for those that want to be ahead of the curve the Poly consent URL is here.

Timelines for updates below, please note these are targets and could be subject to change. Also note: prior to upgrading to these releases online customers must perform the consent via the URL above.

Device nameSoftware VersionTimelineDownload
VVX Phones5.9.4.3247Late-SeptURL
Poly Trio5.9.1.10419Late-SeptURL
Group Series6.2.1.1Mid-JuneURL
  1. Tonino Bruno
    May 9th, 2019 at 05:16
    Reply | Quote | #1


    thank you for your very useful article, much appreciated!

    Can you share the current application id used by these devices?
    And what functionality is lost if we do not want to grant this consent due to security concerns?

  2. Adam [I’m a UC Blog]
    May 16th, 2019 at 11:42
    Reply | Quote | #2

    The current App ID is Microsoft’s once the update is completed to a version that defaults to Poly’s App ID consent is required or any O365 services will not longer function.

  3. Stephen
    May 22nd, 2019 at 18:30
    Reply | Quote | #3

    Hey, if SfB is auto downgrading VVX401 to UC Software Version: yet,
    Latest MS certified version is:
    How does one get SfB to provide latest certified version to prevent auto downgrading to legacy firmware version?
    will need to know this for ver. 5.9.3 when it comes out too

  4. Adam [I’m a UC Blog]
    May 24th, 2019 at 14:40
    Reply | Quote | #4

    You can turn off device update via PowerShell. Refer to the EnableDeviceUpdate parameter, explained in more detail here

  5. Daniel West
    June 5th, 2019 at 17:50
    Reply | Quote | #5

    I noticed the Application ID has changed the old App ID doesn’t work and the new one goes to RealConnect any reason why?

  6. Adam [I’m a UC Blog]
    June 6th, 2019 at 10:19
    Reply | Quote | #6

    Hi Daniel, we had some reports from customers that there was not a confirmation (reply URL) when performing the consent. Temporarily we’re using the consent response for our RealConnect Service. This will likely get updated again with a different URL soon. The consent however is still the same and for existing folks that have run this they do not need to repeat this process.

    – Adam

  7. Daniel West
    June 6th, 2019 at 21:03
    Reply | Quote | #7

    Thank you Adam

  8. Mike Messer
    September 19th, 2019 at 13:04
    Reply | Quote | #8

    5.9.4 was released yesterday and can be downloaded from with the RM tool or directly from the web.

    Go here and then scroll down and select the link.