With the recent BEAST and POODLE attacks and the need to support weak cryptography, Transport Layer Security (TLS) versions 1.0 and 1.1 are soon to be deprecated and declared End of Life, losing support from most web-based platforms within this year.
This will not be a major issue for most new platforms, as they use the “Modern” TLS protocol version 1.2. One of the platforms deprecating older TLS versions is Microsoft 365.
Microsoft has announced the deprecation of TLS 1.0 and 1.1 by 31st of October 2018. After that, anything that connects to Microsoft 365 using only TLS 1.0 or 1.1 will cease to function.
What’s that got to do with LPE devices?
Unfortunately, LPE devices only understand TLS 1.0 and nothing else. With the deprecation of older TLS versions in Microsoft 365, organizations that use LPE devices with Skype for Business Online (SfBO) will find that the devices eventually stop registering users. This will be a major problem for organizations and individuals who fell in love with those devices.
What classifies as LPE devices?
There are 2 versions of devices that can be used with Microsoft Lync\Skype for Business platforms.
- Optimized devices
- Certified devices
The ones called “Optimized” are the devices that contain a Microsoft-built firmware version. These devices are also called Lync Phone Edition or LPE devices. Microsoft manages the operating system (Windows CE 6.0) that goes into these devices, even though they are built by 3rd party vendors. Classic examples are the Polycom CX series, HP 41xx series and Aastra 672x series.
On the other hand, the “Certified” ones are the devices that are built and supported by the 3rd party vendors themselves. In other words, they build the device and the firmware that goes into it. Since Microsoft has decided to deprecate old TLS versions, they will most probably not release a firmware update to these devices to allow TLS 1.2.
Not every device out there gets endorsed as a Microsoft Certified Device. These vendors\devices need to go through a certification process (3PIP) at Microsoft, which allows the devices to be certified to function with Microsoft Lync\Skype for Business platforms. So far, the Polycom VVX series, Yealink, AudioCodes and Spectralink devices carry the “Certified” banner. Certification information for these devices can be found here
What should I do?
Assuming that Microsoft will not come up with an update for their Windows CE 6.0 platform, you should think about replacing all LPE devices with Certified devices. You can select any of the devices I mentioned above as a replacement for a current LPE device. They are packed with features and are more “configurable” than the LPE devices.
I only have an on-premises deployment. Will this affect me?
Not really. TLS version control on on-premises servers is up to local administrators to manage. As long as TLS 1.0 and 1.1 have not been disabled on the Lync\Skype for Business Front End servers, the LPE devices will continue to work.
But having those old TLS versions enabled on the servers makes them vulnerable to attacks. Also, Microsoft will not be releasing any new firmware updates for these devices, and they will eventually be unsupported and end-of-life. It’s in your best interest to get rid of these devices and replace them with newer Certified devices.
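To see which TLS versions a Front End server is currently configured for, the Schannel protocol settings can be read from the registry. The PowerShell below is an added example, not code from Microsoft or from the original post; the function name `Get-SchannelProtocolState` is hypothetical, and a missing key is reported as not configured, meaning the default of that Windows version applies.

```powershell
# Added example: report Schannel TLS protocol settings on a Windows server.
# Run locally on the Front End server. Read-only, changes nothing.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param(
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Server', 'Client')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $path    = Join-Path (Join-Path $SchannelBase $p) $r
            $enabled = $null
            $dbd     = $null
            if (Test-Path -LiteralPath $path) {
                $item = Get-ItemProperty -LiteralPath $path
                # A key can exist without either value being set.
                if ($item.PSObject.Properties['Enabled']) {
                    $enabled = $item.Enabled
                }
                if ($item.PSObject.Properties['DisabledByDefault']) {
                    $dbd = $item.DisabledByDefault
                }
            }
            # Enabled = 0 switches the protocol off; any non-zero value
            # (commonly 1 or 0xFFFFFFFF) switches it on.
            $state = if ($null -eq $enabled) { 'Not configured (OS default)' }
                     elseif ($enabled -eq 0) { 'Disabled' }
                     else                    { 'Enabled' }
            [pscustomobject]@{
                Protocol          = $p
                Role              = $r
                State             = $state
                DisabledByDefault = $dbd
            }
        }
    }
}

# The Server rows for TLS 1.0 decide whether LPE devices can still register.
Get-SchannelProtocolState | Format-Table -AutoSize
```

If the TLS 1.0 Server row shows Disabled, LPE devices will no longer be able to register against that server.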
Some vendors, like AudioCodes and Yealink, have started to provide LPE replacement offers for organizations that have a large number of LPE devices. It is a good opportunity to grab one of these offers and replace the old fleet of LPE devices.
I hope the message is clear: 31st October is the cutoff date to replace all LPE devices that are used with Skype for Business Online. Look for a replacement and get it done soon. The clock is ticking 🙂