Microsoft Teams and Skype for Business thoughts and news

Tom Arbuthnot MVP
Tom Arbuthnot MCSM Communications

This site uses cookies

Find this blog useful? Please take a second to share, thanks!

Office 365 will Enforce Mandatory use of TLS 1.2 from October 31, 2018, so Lync Phone Edition (which does not support TLS 1.2) will not be able to Connect to Skype for Business Online

Published 24/03/2018 - 5 Comments

16th April 2018 Update: Microsoft has now confirmed this in an official blog (which was an old blog that has been updated):

“Office 365 will enforce TLS 1.2 later this year. Since the underlying operating system of LPE does not support TLS 1.2, LPE will not be able to connect to Office 365 anymore”

https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Certified-Skype-for-Business-Online-Phones-and-what-this-means/ba-p/120035 ”

Note this will affect connecting to Skype for Business Online, but also Exchange Online for those using Exchange Online Unified Messaging.

24th April 2018 Update – a number of providers are doing LPE replacement offers

#####

In line with security best practices, and for very good reasons as Microsoft explain in their advisory, Microsoft is moving Office 365 to mandatory TLS 1.2.

“In support of our promise to provide best-in-class encryption to our customers, we are planning to discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1 soon in Microsoft Office 365.

The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for the use of TLS 1.0 and 1.1 in Office 365.

For information about how to remove TLS 1.0 and 1.1 dependencies, see the whitepaper Solving the TLS 1.0 problem.“

https://support.microsoft.com/en-gb/help/4057306/preparing-for-tls-1-2-in-office-365

As of October 31, 2018, Microsoft Office 365 will no longer support TLS 1.0 and 1.1. Most clients and browsers all support 1.2 now, so for most customers, this shouldn’t be a big issue. One consideration in the Skype for Business world is that Lync Phone Edition does not support TLS 1.2.

 

Lync Phone Edition

image

For those needing a refresher, Lync Phone Edition are the IP Phones first launched alongside Lync 2010. The phones were produced by third-party certified providers like Polycom, Mitel/Aastra and HP/Snom, but all run Windows CE 6.0 and a Microsoft written Lync Phone client (codename Aries).

LPE Phones :

  • Polycom: CX500, CX600, and CX3000
  • Hewlett-Packard: 4110 and 4120
  • Mitel-Aastra: 6721ip and 6725ip

Over time Microsoft increasingly pushed customers to the newer qualified IP Phones (such as Polycom VVX, AudioCodes and Yealink) where the vendor writes the OS and phone application to work to a Microsoft certified specification for Skype for Business, but a good number of Lync Phone Edition Phones are still around today. They work on Skype for Business Server and Skype for Business Online today

Checking the Microsoft site, they are no longer listed as supported with the exception of the Mitel MiVoice 6725 Lync Phone which I think is an oversight.

https://partnersolutions.skypeforbusiness.com/solutionscatalog/cloud-ip-phones

image

But they are still listed as supported on docs.microsoft.com:

https://docs.microsoft.com/en-us/SkypeForBusiness/what-is-phone-system-in-office-365/getting-phones-for-skype-for-business-online/getting-phones-for-skype-for-business-online

Their actual end of mainstream support is April 2018 and Extended support is April 2023

image

https://support.microsoft.com/en-gb/lifecycle/search?alpha=lync%20phone%20edition

Windows CE 6.0 hits end of extended support in April 2018

image

https://support.microsoft.com/en-gb/lifecycle/search?alpha=Windows%20Embedded%20CE%206.0

Windows CE and therefor Lync Phone Edition doesn’t support TLS 1.2, which means that unless Microsoft chooses to update LPE (which I very much doubt will happen) LPE Phones won’t be able to sign into Office 365/Skype for Business Online after October 2018.

I doubt this affects a large number of customers, as certified phones have been the recommendation for some time, but it’s worth being aware I think.

What is curious is that Microsoft is creating a “cloud gateway” to allow Skype for Business Phones to work with Teams (alongside new dedicated Teams IP Phones). At the time of announcing this, it was said that LPE Phones would be supported, but I can’t see how this would be the case, as surely this gateway, as part of Office 365, will also use TLS 1.2. Update, LPE phones will not be supported with Microsoft Teams

Note, this won’t affect Lync Phone Edition signing into SfB Server 2015. SfBS 2015 will have a supported method to disable TLS 1.0/1.1, but it will be a customer configurable option. This also doesn’t affect non-LPE phones/3IP certified phones which are mostly based on Linux and all support TLS 1.2.

 

Interested in the nitty-gritty detail on TLS and LPE? Check out this excellent blog from Trevor Miller: https://ucvnext.org/2016/03/lync-phone-edition-tls-limitations/

Tom Arbuthnot

Tom Arbuthnot

Principal Solutions Architect at Modality Systems
Tom Arbuthnot is Principal Solutions Architect at Unified Communications specialist Modality Systems. He is a Microsoft Certified Master and MVP, blogger, has a regular podcast with UCToday at tomtalks.show and is a regular speaker at events including Microsoft TechEd and Ignite. He co-runs The Microsoft UC User Group London.

5 comments

ryan Bess - 27/03/2018 Reply

Don’t know if you have this in another blog post but may want to mention for those that are ON PREM with UM/Exchange in O365, if your Lync/Skype edge isn’t configured properly (TLS 1.2 enabled both client and server side of the EDGE environment) you will lose access to UM through Edge.

Barbara Pouliot - 27/03/2018 Reply

I would like to see more information about this for on premise Lync 2013 and Skype for Business 2015 installations (no 3rd part PBX) who are using O365 Exchange Online UM.

Find Lync Phone Edition Phones being used on Skype for Business Online - Tom Talks - 16/04/2018 Reply

[…] the news that Lync Phone Edition will no longer work on Skype for Business Online from October 31st 2018, I’ve been asked by a few customers, “how can I check if I have any Lync Phone Edition Phones […]

Office 365 & TLS 1.2 - What do you need to do? - 365 Guy - Perceptions of a Microsoft Solutions Expert - 08/06/2018 Reply

[…] Lync Phones, most manufacturers have a replacement programme, see this post for a list of […]

Microsoft no longer enforcing TLS 1.2 in Office 365 from October 31st 2018 - Tom Talks - 25/10/2018 Reply

[…] an interesting change of plan, originally Microsoft said in their KB […]

Leave a Reply:


close

Weekly Email Update 
of all the key 
Microsoft Teams and Skype for Business News
every Tuesday

No Spam ever, I promise - Tom