Tom Talks Microsoft Teams and Microsoft 365 Collaboration news and opinions

Office 365 will Enforce Mandatory use of TLS 1.2 from October 31, 2018, so Lync Phone Edition (which does not support TLS 1.2) will not be able to Connect to Skype for Business Online

16th April 2018 Update: Microsoft has now confirmed this in an official blog (which was an old blog that has been updated):

“Office 365 will enforce TLS 1.2 later this year. Since the underlying operating system of LPE does not support TLS 1.2, LPE will not be able to connect to Office 365 anymore”

https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Certified-Skype-for-Business-Online-Phones-and-what-this-means/ba-p/120035 ”

Note this will affect connecting to Skype for Business Online, but also Exchange Online for those using Exchange Online Unified Messaging.

24th April 2018 Update – a number of providers are doing LPE replacement offers

#####

In line with security best practices, and for very good reasons as Microsoft explain in their advisory, Microsoft is moving Office 365 to mandatory TLS 1.2.

“In support of our promise to provide best-in-class encryption to our customers, we are planning to discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1 soon in Microsoft Office 365.

The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for the use of TLS 1.0 and 1.1 in Office 365.

For information about how to remove TLS 1.0 and 1.1 dependencies, see the whitepaper Solving the TLS 1.0 problem.“

https://support.microsoft.com/en-gb/help/4057306/preparing-for-tls-1-2-in-office-365

As of October 31, 2018, Microsoft Office 365 will no longer support TLS 1.0 and 1.1. Most clients and browsers all support 1.2 now, so for most customers, this shouldn’t be a big issue. One consideration in the Skype for Business world is that Lync Phone Edition does not support TLS 1.2.

 

Lync Phone Edition

image

For those needing a refresher, Lync Phone Edition are the IP Phones first launched alongside Lync 2010. The phones were produced by third-party certified providers like Polycom, Mitel/Aastra and HP/Snom, but all run Windows CE 6.0 and a Microsoft written Lync Phone client (codename Aries).

LPE Phones :

  • Polycom: CX500, CX600, and CX3000
  • Hewlett-Packard: 4110 and 4120
  • Mitel-Aastra: 6721ip and 6725ip

Over time Microsoft increasingly pushed customers to the newer qualified IP Phones (such as Polycom VVX, AudioCodes and Yealink) where the vendor writes the OS and phone application to work to a Microsoft certified specification for Skype for Business, but a good number of Lync Phone Edition Phones are still around today. They work on Skype for Business Server and Skype for Business Online today

Checking the Microsoft site, they are no longer listed as supported with the exception of the Mitel MiVoice 6725 Lync Phone which I think is an oversight.

https://partnersolutions.skypeforbusiness.com/solutionscatalog/cloud-ip-phones

image

But they are still listed as supported on docs.microsoft.com:

https://docs.microsoft.com/en-us/SkypeForBusiness/what-is-phone-system-in-office-365/getting-phones-for-skype-for-business-online/getting-phones-for-skype-for-business-online

Their actual end of mainstream support is April 2018 and Extended support is April 2023

image

https://support.microsoft.com/en-gb/lifecycle/search?alpha=lync%20phone%20edition

Windows CE 6.0 hits end of extended support in April 2018

image

https://support.microsoft.com/en-gb/lifecycle/search?alpha=Windows%20Embedded%20CE%206.0

Windows CE and therefor Lync Phone Edition doesn’t support TLS 1.2, which means that unless Microsoft chooses to update LPE (which I very much doubt will happen) LPE Phones won’t be able to sign into Office 365/Skype for Business Online after October 2018.

I doubt this affects a large number of customers, as certified phones have been the recommendation for some time, but it’s worth being aware I think.

What is curious is that Microsoft is creating a “cloud gateway” to allow Skype for Business Phones to work with Teams (alongside new dedicated Teams IP Phones). At the time of announcing this, it was said that LPE Phones would be supported, but I can’t see how this would be the case, as surely this gateway, as part of Office 365, will also use TLS 1.2. Update, LPE phones will not be supported with Microsoft Teams

Note, this won’t affect Lync Phone Edition signing into SfB Server 2015. SfBS 2015 will have a supported method to disable TLS 1.0/1.1, but it will be a customer configurable option. This also doesn’t affect non-LPE phones/3IP certified phones which are mostly based on Linux and all support TLS 1.2.

 

Interested in the nitty-gritty detail on TLS and LPE? Check out this excellent blog from Trevor Miller: https://ucvnext.org/2016/03/lync-phone-edition-tls-limitations/

About the author

Tom Arbuthnot

A Microsoft MVP and Microsoft Certified Master, Tom Arbuthnot is Principal Solutions Architect at Microsoft Collaboration specialists Modality Systems.

Tom stays up to date with industry developments and shares news and his opinions on his blog, Microsoft Teams Podcast and email list. He is a regular speaker at events around the world.

5 comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Tom Talks Microsoft Teams and Microsoft 365 Collaboration news and opinions