Search This Blog

Saturday, September 23, 2017

Polycom VVX for hybrid Exchange

Polycom FW version 5.5.3 and Exchange hybrid.

From the logs we see that Polycom tries to perform autodiscover, but finally fails and leave EWS not deployed for online users.  I will continue debuging that, but I found a workaround:

login with sip and UPN  as but leaving domain field empty.
Then in settings-applications-exchange server URL you can hardcode:

and leave autodiscover disabled.

Update: with CURL DEBUG we can see that problem was in SSL certificates of Digicert not being trusted due to limits we left from other tests in Network - TLS - Application profile 6 (select certificates from platform or imported, but we had only one certificte selected). I also imported Digicert root, as for unknown reasons outlook is based on that while rest of MS is Baltimore.

Inside exchutil.ps1

Friday, September 15, 2017

ADFS trics for MFA

ADFS access control rules to disable MFA for Office 365 application if usrs are connecting from intranet, Lync clients and enforce MFA for member of AD group:

$rp = Get-AdfsRelyingPartyTrust –Name "Microsoft Office 365 Identity Platform"
$groupMfaClaimTriggerRule = 'NOT EXISTS([Type == "", Value =~ "(?i)skype"]) && NOT EXISTS([Type=="", Value =~ "(?i)ACOMO"]) && NOT EXISTS([Type=="", Value =~ "(?i)lync"]) => add(type = "", value = "true" );
c1:[Type == "", Value == "S-1-5-21-796845957-688789844-854245398-6148"]  && c2:[Type =="", Value== "true"] && c3:[Type =="", Value== "false"]=> issue(Type = "", Value = "");'

Set-AdfsRelyingPartyTrust –TargetRelyingParty $rp –AdditionalAuthenticationRules $groupMfaClaimTriggerRule

We use this rule to let Lync on Premises users to use Exchange online