Summary
Cumulative Update 1 (CU1) for Microsoft Skype for Business Server introduces the migration of the OAuth authorization protocol from Azure Active Directory Authentication Library (ADAL) to Microsoft Authentication Library (MSAL) for the Dial-in, Scheduler, and MACP web applications.
As part of this change, MSAL requires Cross-Origin Resource Sharing (CORS) to be enabled on the Active Directory Federation Services (ADFS) farm. This requirement didn't exist for ADAL. Therefore, existing deployments in which ADFS was configured before CU1 might experience authentication failures after you apply the CU1 update unless CORS is configured correctly.
Resolution
To fix this issue, install the following hotfix update:
Workaround
To work around this issue, run the Update-CsAdfsCorsTrustedOrigins cmdlet after installing CU1 to complete the post-installation ADFS CORS configuration.
