MFA and the Polycom VVX

The Web Sign-in option only works for Skype for Business Online accounts.

Firmware versions tested: &
Phone used for test: Polycom VVX 600
The following is a step by step guide on how to sign-in a Polycom VVX IP phone to Skype for Business Online using an account enabled for MFA.

The process is pretty painless and worked at the first time of trying, which is always nice.

The phone will also sign back in after a reboot/power outage.

Step by step guide

  1. Click the “Sign In” button. Image01
  2. If you don’t see the screen, press the physical Home button and it will take you to the above screen.
  3. You should have 3 options:
    1. User ID
    2. Via PC
    3. Web Sign-in
  4. Select “Web Sign-in”:
  5. The phone will display a code. The code is uniquely generated for each phone and each login attempt. Make a note of the code. Image03
  6. Navigate to and enter the code from the phone.Image04
  7. The site will automatically check the code and if valid show the following message:Image05
  8. Click “Continue”
  9. At this point, you will be re-directed to the standard Office 365 login page. Select the account you want to use:Image06
  10. At the prompt enter the account password and click “Sign in”.Image07
  11. At the prompt enter the 6 digit MFA code and click “Verify”.Image08
  12. If everything worked you will be redirected to the following page:Image09
  13. The phone should now be logging in. From this point onwards the sign-in process is the same regardless of the sign-in method used.
  14. Find the Skype for Business Online serviceImage10
  15. Downloads the SfB generated certificate.Image11
  16. Set a phone lock code. This can be disabled via SfB policy. Image12
  17. Confirm code.
  18. A handy note about how to change the Lock code, it will disappear after a few seconds.
  19. Click “Skip”.
  20. All done. The phone is logged in and ready for useImage16

This is also the process to use if you are using a Skype for Business Common Area Account.

Rack and cabling


This was nice and straightforward. The two Dell R710 at the bottom, 3 Cisco switches, 2 Cisco Routers and 1 Synology  NAS. Neatly stacked. 


The cabling

The next challenge was to get a network cable from the garage to the study.

I did consider using Wi-Fi or Ethernet over Power(EoP) however, I discounted both. Wi-Fi is too unreliable and when I’ve tried EoP in the past I got slow speeds and frequent disconnects.

So a good old fashioned cable was the solution. Three options for running the network cable:

  1. Get in a professional to do the job – This wouldn’t have made a very interesting blog post…
  2. Install a network socket in the wall and run a cable down the inside of the wall – prefered options
  3. Drill a hole in the floor and run the cable through that – simplest.

So with Option 2 selected and a quick trip to B&Q, Wickes and Screwfix for supplies, I was ready to get started.

Step one was cutting the hole for the socket, to be honest, this is when things started to go wrong. There wasn’t enough clearance between the plasterboard and the breeze block wall to fit the socket. There also wasn’t enough room to actually drill a hole in the cavity between the plasterboard and breeze block wall.


With Option 2 a non-starter (well apart from the hole in wall :/), I started on option 3. This went surprisingly smoothly, I used a 25mm drill bit for the hole along with a drill extender to get all the way through. I then ran a section of plastic 24mm piping to line the hole and make it easier to replace the cable in the future. I fitted a mounting box to the garage ceiling to tidy up the hole. Finally, fitted some stick-on trunking to keep the cable out of the way.

Connection in the study:


Connection in the garage


Overall, pretty happy with how it all turned out and wasn’t as difficult as I expected.

Bonus blog post:

I learnt how to fix holes in plasterboard

SfB Online: Number porting in the UK


Step by step process

  1. Download and complete the Letter of Authorization (LoA) from the Microsoft site (see link above).
    Note: The “To” Carrier refers to your existing service provider or carrier.
  2. Submit porting form to
  3. You’ll receive a reply back in a few hours with your Port Order ID along with any questions.
  4. Porting is accepted by Microsoft and submitted to the Losing Carrier.
  5. Losing Carrier has 3 days to reject the request or issue a Firm Order Commitment (FOC) notice.
    If accepted, the porting date is confirmed.
    If rejected, engage in back and forth with Microsoft and Losing Carrier to get the information on the form correct.
  6. One day after the FOC notice is received, the numbers will be available in the SfB Online Portal. They will have a status of “Transfer pending”. They can be allocated to users but inbound calling won’t work until the porting is complete. SfBPortal-Pendingtransfer
  7. Three days before the port is scheduled is the last chance to cancel the port.
  8. On the porting day, at some point after the porting time, calls will start being directed to SfB users.
  9. Once the port is confirmed, Microsoft will convert any user numbers to Service numbers.
  10. Crack open a <beverage> and celebrate a job well done.

User experience during the porting window

During the porting window, there should be no disruption to calls.

Outbound calling from SfB will continue to work. Once the port is complete, CLI should automatically update to the new DDI number.

For inbound calling, at some point during the porting window calls will stop ringing on the old handset and start ringing on the SfB client.

Calls that are already established will continue until one party hangs up.

Porting timeline

Based on my experience, the timeline for porting to Microsoft is very similar to other telecoms companies. And will look like the diagram below:


The process is also governed and regulated by OFCOM in the UK, so telcos are legally required to comply with valid requests.

Gotchas and lessoned learnt

  • The form doesn’t ask for it but you will need to provide either the Organisation ID or * domain.
  • The initial response from the porting team was good, we had the Port Order ID within 30 minutes of emailing in.
  • All numbers are ported in as user number and you can then convert select numbers to service numbers.
  • Pick a migration date at least 20 working days in the future.
  • 3 days notice to cancel a request.
  • Numbers are available in the SfB Online portal once the losing carrier has accepted the request. They have a status of “Transfer Approved”. You can assign them to users at this point, however, inbound calling won’t work till the agreed port day.
  • Converting from a User number to a Service number takes 20 minutes, can only be done once the port is complete and does involve the number being out of service while being converted.

Finding your domain

Admin Console

The organization ID can be found from the Azure Active Directory Admin Center -> Azure Active Directory -> Custom domain names.

From the list search of the <> entry.



Once you are connected to Azure ID run Get-MsolDomain and look for the <domain> entry


Finding your Organisation ID

Third Party Website

Some kind folks have built a website that will find your Org ID for you: Link Simply enter your office 365 domain and it will display the Org ID. The site uses OpenID Connect which is an identity layer that sits on top of OAuth 2.0.

Admin console

The organization ID can be found from the Azure Active Directory Admin Center -> Azure Active Directory -> Properties  -> Directory ID.

It looks like a GUID type string. EG. a3gbd34b-14bd-5304-c380-774f60aa533b



Part 2 of the build – The enclosure. As mentioned in the design and planning post, the LackRack looks like a good option being cheap and easy to build/assemble.

Normally a LackRack is built using the Lack Table (55cm x 55cm). This is perfect for 1/2 length (~35cm) equipment. However, I will be using full-length servers in the lab so the Lack Coffee Table (55cm x 90cm) gave me the extra length required to completely enclose the equipment.

Reference: LackRack

Part and equipment list

  • 2 x Lack Coffee tables – white (Ikea – £14 each)
  • 2 x 44mm by 44mm by 2400mm timber (B&Q –  £5 each)
  • Chisel
  • Hammer
  • Screwdriver
  • Wood saw
  • Tape measure
  • Marker pen


Construction steps

At a high level the steps where:

  1. Assemble 1 x Lack Coffee table without the shelf (bottom)
  2. Assemble 1 x Lack Coffee table without the shelf (top)
  3. Use the chisel and hammer to remove the stoppers from the bottom of each leg.
  4. When this doesn’t work.. apply saw to the offending leg.
  5. Cut 4 x 80cm posts.
  6. Insert one post into each of the legs of the bottom table.
  7. Hammer down each post to make sure it is fully inserted.
  8. Fit top table into the top of the posts.
  9. Pull down on the top table to make ensure each post is completely inserted into each leg.
  10. Add the shelf to the top table.

And as a special “treat” I recorded the process: Video (sorry about the overexposure).

Final result

Overal, I am happy with the final result. Assembly was straightforward and resulted in a cheap enclosure for the lab equipment.

Lessons learnt

Below is a list of things I learnt from the project or would do differently if I repeated the project:

  • Wear gloves!
  • The thickness of the plywood stopper in each leg varied a lot. Of the 8 legs I “opened”, 6 had a 1cm stoppers and were easily removed with the chisel and hammer. 2 had a 4cm stoppers. For the 4cm stoppers, I had to cut off the bottom of the legs to remove them.
  • Each leg had a 2nd big stopper about 1/2 way up the leg. I didn’t remove these so the support posts wouldn’t fit totally inside the legs and where visible in the final product.  Not a huge deal for me and luckily meant the top of the rack was at the ideal height for a monitor and keyboard. The rack ended up standing 135cm tall.
  • Add the shelf to the top tables. I hadn’t initially planned to do this but it ended up being really useful for storing cables and boxes.
  • If you cut the posts to 35cm (rather than 80cm) the posts should be fully enclosed in the legs and look a bit nicer.

So there you have it, one LackRack assembled and installed.

Next: Racking the kit and cabling.


Home Lab – Part 1: Goals and design

As with any project, it’s always a good idea to set out the purpose and objectives.


To provide an environment I can use to explore Skype for Business and the supporting technologies(SBCs, IP Phones, SQL, Exchange,  etc). Also as an environment I can use to test specific scenarios and replicate customer environments and issues.


  • Build a two host VMware environment with vCentre for management.
  • Build a multi-VLAN network based on Cisco switches and routers.
  • Build a LackRack
  • Build Windows environment (ADDS, DNS, DHCP, PKI, SQL, Exchange etc.).
  • Install and configure SfB.
  • Install and configure PfSense Firewall, Kemp HLB, AudioCodes SBC and AudioCodes MP114 (analogue gateway).


Rack, power and cabling

After some searching I came across LackRack. Looks like an interesting (and cheap) solution. I’ll be using the Lack Coffee table for the extra length.


My “secure data centre location” aka the garage already has power, so that’s nice and easy.

Cabling – I need to get a physical network cable run between the study (1st floor) and garage (directly below). Erm.. drill a hole in the ceiling? I’ll consult with a sparky about this to avoid property damage…


Pretty basic network, using a pair Cisco C3750 and a 1841 Router. Currently planning to include 4 virtual networks:

  • Server VLAN – Virtual servers and appliances.
  • Client VLAN – Physical clients and IP phones.
  • Internal DMZ VLAN- SfB Edge int interfaces and reverse proxy.
  • External DMZ VLAN – SfB Edge ext interfaces, “outside” clients and reverse proxy.

I also plan to add a firewall (probably a PfSense) once the VMware environment is up and running.Lab-Diagrams-Network-v1

This should allow me to test most scenarios and also gives me an excuse to finally learn Cisco networking.


The VMware layer will be based on two Dell R710 (2x X5650 2.66GHz 96GB) from eBay. They should be ESXi ready. So hopefully the install will be straight forward. Once the hosts are built, I plan to install vCenter as the first virtual machine.

The VM data store will be hosted on my existing Synlogy DS1515+. Planning to try out iSCSI as the access protocol.

All the other bits

Once I have the network and VMware environments installed and working, I’ll do a seperate post detailing the design of ADDS, DNS, DHCP, Exchange, SfB and all the other things I want to test.

So there we go, part 1 of my plan for my home lab!

The UC Journey Begins

After lots of procrastination, I have finally created a blog. Thanks for joining me! Hopefully, some or all of the content that will be of interest or helpful to the community.

What to expect from this blog:

  • I’m currently in the process of building a home lab. So expect a series which follows my progress. The first post will record the design and planning stage.
  • Updates about new features and functions in Teams and SfB (both online and on-premise).
  • There is a new version of SfB On-premise due later this year, so that will hopefully generate some interesting articles.
  • Any interesting problems (and resolutions) I encounter that I think are worth sharing.

And finally any neat scripts, tips and tricks I come across in my day job, I plan to share here.

The great myth of our times is that technology is communication. — Libby Larsen