MFA and the Polycom VVX

Note:
The Web Sign-in option only works for Skype for Business Online accounts.

Overview:
Firmware versions tested:  5.7.0.14430 & 5.8.1.6389
Phone used for test: Polycom VVX 600
The following is a step by step guide on how to sign-in a Polycom VVX IP phone to Skype for Business Online using an account enabled for MFA.

The process is pretty painless and worked at the first time of trying, which is always nice.

The phone will also sign back in after a reboot/power outage.

Step by step guide

  1. Click the “Sign In” button. Image01
  2. If you don’t see the screen, press the physical Home button and it will take you to the above screen.
  3. You should have 3 options:
    1. User ID
    2. Via PC
    3. Web Sign-in
  4. Select “Web Sign-in”:
    Image02
  5. The phone will display a code. The code is uniquely generated for each phone and each login attempt. Make a note of the code. Image03
  6. Navigate to http://aka.ms/sphone and enter the code from the phone.Image04
  7. The site will automatically check the code and if valid show the following message:Image05
  8. Click “Continue”
  9. At this point, you will be re-directed to the standard Office 365 login page. Select the account you want to use:Image06
  10. At the prompt enter the account password and click “Sign in”.Image07
  11. At the prompt enter the 6 digit MFA code and click “Verify”.Image08
  12. If everything worked you will be redirected to the following page:Image09
  13. The phone should now be logging in. From this point onwards the sign-in process is the same regardless of the sign-in method used.
  14. Find the Skype for Business Online serviceImage10
  15. Downloads the SfB generated certificate.Image11
  16. Set a phone lock code. This can be disabled via SfB policy. Image12
  17. Confirm code.
    Image13
  18. A handy note about how to change the Lock code, it will disappear after a few seconds.
    Image14
  19. Click “Skip”.
    Image15
  20. All done. The phone is logged in and ready for useImage16

This is also the process to use if you are using a Skype for Business Common Area Account.

SfB Online: Number porting in the UK

Resources:

Step by step process

  1. Download and complete the Letter of Authorization (LoA) from the Microsoft site (see link above).
    Note: The “To” Carrier refers to your existing service provider or carrier.
  2. Submit porting form to ptneu@microsoft.com.
  3. You’ll receive a reply back in a few hours with your Port Order ID along with any questions.
  4. Porting is accepted by Microsoft and submitted to the Losing Carrier.
  5. Losing Carrier has 3 days to reject the request or issue a Firm Order Commitment (FOC) notice.
    If accepted, the porting date is confirmed.
    If rejected, engage in back and forth with Microsoft and Losing Carrier to get the information on the form correct.
  6. One day after the FOC notice is received, the numbers will be available in the SfB Online Portal. They will have a status of “Transfer pending”. They can be allocated to users but inbound calling won’t work until the porting is complete. SfBPortal-Pendingtransfer
  7. Three days before the port is scheduled is the last chance to cancel the port.
  8. On the porting day, at some point after the porting time, calls will start being directed to SfB users.
  9. Once the port is confirmed, Microsoft will convert any user numbers to Service numbers.
  10. Crack open a <beverage> and celebrate a job well done.

User experience during the porting window

During the porting window, there should be no disruption to calls.

Outbound calling from SfB will continue to work. Once the port is complete, CLI should automatically update to the new DDI number.

For inbound calling, at some point during the porting window calls will stop ringing on the old handset and start ringing on the SfB client.

Calls that are already established will continue until one party hangs up.

Porting timeline

Based on my experience, the timeline for porting to Microsoft is very similar to other telecoms companies. And will look like the diagram below:

PortingTimeline

The process is also governed and regulated by OFCOM in the UK, so telcos are legally required to comply with valid requests.

Gotchas and lessoned learnt

  • The form doesn’t ask for it but you will need to provide either the Organisation ID or *.onmicrosoft.com domain.
  • The initial response from the porting team was good, we had the Port Order ID within 30 minutes of emailing in.
  • All numbers are ported in as user number and you can then convert select numbers to service numbers.
  • Pick a migration date at least 20 working days in the future.
  • 3 days notice to cancel a request.
  • Numbers are available in the SfB Online portal once the losing carrier has accepted the request. They have a status of “Transfer Approved”. You can assign them to users at this point, however, inbound calling won’t work till the agreed port day.
  • Converting from a User number to a Service number takes 20 minutes, can only be done once the port is complete and does involve the number being out of service while being converted.

Finding your onmicrosoft.com domain

Admin Console

The organization ID can be found from the Azure Active Directory Admin Center -> Azure Active Directory -> Custom domain names.

From the list search of the <>.onmicrosoft.com entry.

FindDomain

PowerShell

Once you are connected to Azure ID run Get-MsolDomain and look for the <domain>.onmicrosoft.com entry

FindDomainPowerShell

Finding your Organisation ID

Third Party Website

Some kind folks have built a website that will find your Org ID for you: Link Simply enter your office 365 domain and it will display the Org ID. The site uses OpenID Connect which is an identity layer that sits on top of OAuth 2.0.

Admin console

The organization ID can be found from the Azure Active Directory Admin Center -> Azure Active Directory -> Properties  -> Directory ID.

It looks like a GUID type string. EG. a3gbd34b-14bd-5304-c380-774f60aa533b

FindOrgID