|Phone Model||VVX 401|
|Part Number||3111-48400-001 Rev:A|
|UC Software Version||18.104.22.16896|
|Skype for Business||On Premise|
We have an issue signing into Exchange Services on Polycom devices.
Recently a number of our accounts have been migrated from Exchange On-Prem to Exchange Online. We use MFA with Office365.
Since the migration we can sign into the Polycom VVX devices as expected, however when signing into Exchange Services we can an authentication failure and EWS doesnt deploy. I have manually tried adding the exchange server as https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity but this has not resolved the issue.
I suspect the issue is most likely related to MFA and the Polycom VVX devices.
How can we sign into Exchange Services using an account that is enabled for MFA?
Attached are logs from the device.
I did check your provided serial and your phone is a 2200-48400-025 provided via our partner Siphon Networks Ltd back in 08/08/2019.
Please be aware of the following when utilizing UCS 4.1.0 or later:
The use of Polycom UC Software versions 4.1.X (“Software”) requires the purchase of a separate Software license for every device that will use the Software in a LYNC / Skype for Business environment. You may not install, access, or use the Software in a LYNC / Skype for Business environment on more devices than are listed on your license until additional licenses have been purchased and authorized by Polycom. These licenses should be purchased from the same company from which you purchased the devices. You may operate devices against a LYNC / Skype for Business server for trial purposes for up to 30 days without purchasing a license. Use of the Software is subject to the terms and conditions of the End User License Agreement.
Polycom reserves the right to audit your deployment to verify that you have sufficient licenses to match the number of devices being used.
Information in regards to License Part Numbers can be found here
As stated above you cannot use this phone without having the correct Poly License in place as well. This is an individual per phone license as outlined in the above link.
I suggest you verify or clarify this issue first before using our Phones with Skype for Business.
Thanks for the replaying.
We are currently awaiting a response from the supplier of these devices.
We have confirmed with our account manager at Poly that we do have a number of Polycom Devices with Skype for Business SKUs, and we are experiencing this issue across a number of devices.
I have another VVX201, info is below:
|Phone Model||VVX 201|
|Part Number||3111-40450-001 Rev:A|
|UC Software Version||22.214.171.12423|
utilizing the Web Sign-In method aka getting a code of the phone and then authenticating via a browser should work.
If this does not work for you please work with your supplier to get this into support.
Thanks for the response.
Skype for Business is on premise and Exchange using Exchange Online, therefore the web sign-in will not work.
Will MFA work in the above scenario where Skype for Business is On premise and Exchange in on Office365?
I believe you need to enable Hybrid Modern Authentication on your Skype for Business on-premises deployment.
Thanks for the reply. I've had a read through and not sure that will achieve the desired result unfortunately.
The Skype for Business client is connecting to Exchange Online as normal. Its just the Polycom VVX devices that aren't and continue to prompt for a password.
I have also tested using a Polycom Trio and this connected to Exchange and my calendar appointments were shown as I would expect.
I've looked into this a bit more to confirm whether what I said was correct. Quoting from Page 26 of the Polycom UC Software with Skype for Business - Deployment Guide 6.2.0 :
If you’re using MFA, you must use Web Sign In as the user sign-in method with phones.
Web Sign In for Skype for Business server is supported only when the Hybrid Modern Authentication (HMA) environment is enabled. To use the capability of HMA with Skype for Business On-Premise, Active Directory should be federated with Azure Active Directory (AAD).
I believe the Trio has a way of signing in to SfB and Exchange using separate credentials, which may explain why it is working on that device without HMA.