16th April 2018 Update: Microsoft has now confirmed this in an official blog (which was an old blog that has been updated):
“Office 365 will enforce TLS 1.2 later this year. Since the underlying operating system of LPE does not support TLS 1.2, LPE will not be able to connect to Office 365 anymore”
Note this will affect connecting to Skype for Business Online, but also Exchange Online for those using Exchange Online Unified Messaging.
24th April 2018 Update – a number of providers are doing LPE replacement offers
- Plantronics: Microsoft LPE Replacement Program
- Jabra: Replacing Lync Phone Edition (LPE) devices for Skype for Business and Microsoft Teams
- Polycom: Polycom Solutions to Work with Microsoft Teams
- Yealink: Lync Phone Edition (LPE) Devices Replacement
- AudioCodes: Replace Lync Phone Edition Devices + Maximize the Value of Skype for Business & Microsof…
#####
In line with security best practices, and for very good reasons as Microsoft explain in their advisory, Microsoft is moving Office 365 to mandatory TLS 1.2.
“In support of our promise to provide best-in-class encryption to our customers, we are planning to discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1 soon in Microsoft Office 365.
The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for the use of TLS 1.0 and 1.1 in Office 365.
For information about how to remove TLS 1.0 and 1.1 dependencies, see the whitepaper Solving the TLS 1.0 problem.“
https://support.microsoft.com/en-gb/help/4057306/preparing-for-tls-1-2-in-office-365
As of October 31, 2018, Microsoft Office 365 will no longer support TLS 1.0 and 1.1. Most clients and browsers all support 1.2 now, so for most customers, this shouldn’t be a big issue. One consideration in the Skype for Business world is that Lync Phone Edition does not support TLS 1.2.
Lync Phone Edition
For those needing a refresher, Lync Phone Edition are the IP Phones first launched alongside Lync 2010. The phones were produced by third-party certified providers like Polycom, Mitel/Aastra and HP/Snom, but all run Windows CE 6.0 and a Microsoft written Lync Phone client (codename Aries).
LPE Phones :
- Polycom: CX500, CX600, and CX3000
- Hewlett-Packard: 4110 and 4120
- Mitel-Aastra: 6721ip and 6725ip
Over time Microsoft increasingly pushed customers to the newer qualified IP Phones (such as Polycom VVX, AudioCodes and Yealink) where the vendor writes the OS and phone application to work to a Microsoft certified specification for Skype for Business, but a good number of Lync Phone Edition Phones are still around today. They work on Skype for Business Server and Skype for Business Online today
Checking the Microsoft site, they are no longer listed as supported with the exception of the Mitel MiVoice 6725 Lync Phone which I think is an oversight.
https://partnersolutions.skypeforbusiness.com/solutionscatalog/cloud-ip-phones
But they are still listed as supported on docs.microsoft.com:
Their actual end of mainstream support is April 2018 and Extended support is April 2023
https://support.microsoft.com/en-gb/lifecycle/search?alpha=lync%20phone%20edition
Windows CE 6.0 hits end of extended support in April 2018
https://support.microsoft.com/en-gb/lifecycle/search?alpha=Windows%20Embedded%20CE%206.0
Windows CE and therefor Lync Phone Edition doesn’t support TLS 1.2, which means that unless Microsoft chooses to update LPE (which I very much doubt will happen) LPE Phones won’t be able to sign into Office 365/Skype for Business Online after October 2018.
I doubt this affects a large number of customers, as certified phones have been the recommendation for some time, but it’s worth being aware I think.
What is curious is that Microsoft is creating a “cloud gateway” to allow Skype for Business Phones to work with Teams (alongside new dedicated Teams IP Phones). At the time of announcing this, it was said that LPE Phones would be supported, but I can’t see how this would be the case, as surely this gateway, as part of Office 365, will also use TLS 1.2. Update, LPE phones will not be supported with Microsoft Teams
Note, this won’t affect Lync Phone Edition signing into SfB Server 2015. SfBS 2015 will have a supported method to disable TLS 1.0/1.1, but it will be a customer configurable option. This also doesn’t affect non-LPE phones/3IP certified phones which are mostly based on Linux and all support TLS 1.2.
Interested in the nitty-gritty detail on TLS and LPE? Check out this excellent blog from Trevor Miller: https://ucvnext.org/2016/03/lync-phone-edition-tls-limitations/
Don’t know if you have this in another blog post but may want to mention for those that are ON PREM with UM/Exchange in O365, if your Lync/Skype edge isn’t configured properly (TLS 1.2 enabled both client and server side of the EDGE environment) you will lose access to UM through Edge.
I would like to see more information about this for on premise Lync 2013 and Skype for Business 2015 installations (no 3rd part PBX) who are using O365 Exchange Online UM.
Hi Tom, Thanks for posting the a great articles on S4B. I have one small doubt, after the SfB sign and during the in-band provisioning we always see on snooper that there are 2 SERVICE out requests to collect the conferencing details. The 200 Oks for both the requests provide the exact same information. I have noticed this happening regardless of Lync online or on premises. Though it doesn’t pose any issue, just curious to know if there is a reason behind this happening twice.
Thanks in advance.
[…] the news that Lync Phone Edition will no longer work on Skype for Business Online from October 31st 2018, I’ve been asked by a few customers, “how can I check if I have any Lync Phone Edition Phones […]
[…] Lync Phones, most manufacturers have a replacement programme, see this post for a list of […]
Hi, I have a problem and wonder if anyone has a solution to this.
The prior setup was Skype for Business 2015 and Exchange 2010 (both on-prem) running Aastra 6725ip Lync Phone Edition phones.
I have migrated the customer’s email to Office 365 and of course, in October you cannot connect Phone Edition phones to O365 and the customer only needs the native functionality of Skype for business, so happy to lose the exchange server and not have connectivity.
However one the Lync Phones they show a Yellow Warning triangle saying Exchange UC not available, is there any way to hide or disable this message on the phones from Skype from Business.
Has anyone got a solution to this, as the warning triangle stops the messages appearing correctly like transfer buttons on the screen?
Thanks
Chris
[…] an interesting change of plan, originally Microsoft said in their KB […]