Skype for Business Server (SfB) 2015 May 2017 cumulative update supports Hybrid Modern Authentication (HMA). To use HMA with your SfB on-premises, you will need to have on-premises Active Directory f...
Updated Nov 25, 2019
Version 19.0Blog Post
Nice article Carolyn
In our environment we have SFB online, Exchange Online and Exchange OnPrem (for legacy applications) and are in hybrid mode. All user mailboxes are homed in O365 and we are using MFA. We are using Polycom VVX phones
With the Oauth 2.0 change coming in January 2020 we have begun to test the supported Polycom firmware (5.9.4.3247). We have consented to the Polycom phones in our portal and it shows as an enterprise application in it. The phones log into Skype without issue, however when accessing the Exchange services we get authentication errors when accessing calendar on the phones. The only way we have been able to get it to work is when doing the web-signin on the phones. It was my understanding that by consenting to Polycom with the embedded app code in the firmware that we would be able to continue using user credentials to sign in.
From what I have been able to figure out it seems to be due to MFA being enabled as if I use a non-MFA enabled account it works. Is there something on the Exchange onPrem environment that needs to be configured in order to have it accept MFA and pass it to the online environment?
From looking at my logs from the VVX I get
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access......
Then appears to fall back to basic authentication and get a failed to Get oAuth Token.
Any insight would be much appreciated.