Zoom's June 21, 2026 Zoom Phone release notes say certain older AudioCodes and Poly IP phone and ATA gateway models will enter a decertification process because they rely on SHA1-only encryption cipher sets that no longer meet current security requirements.
That may sound like a vendor release-note detail. For a business owner, it is really an inventory question. Cloud phone service still depends on physical devices: desk phones, common-area phones, conference room phones, lobby phones, paging adapters, and the ATA gateways that sometimes keep fax machines or specialty devices alive.
Cloud phones still have a hardware shelf life
Zoom says affected account owners and admins will receive web portal banners and email notices identifying devices in their accounts. The affected models include certain AudioCodes phones and ATA gateways, plus Poly VVXD230 and legacy OBi 300 and 500 ATA gateways. Zoom also says those models will no longer appear in the phone model drop-down menu for adding new devices.
The linked Zoom decertification article explains the practical risk more plainly: after decertification, automated provisioning updates, firmware updates, configuration changes, and full technical support may become limited. Zoom also warns that a reset, technical issue, or re-provisioning need could prevent a decertified device from reconnecting.
That is the part owners should not leave buried in the portal. A phone that works today can still become a problem later if it cannot be re-provisioned during an office move, staff change, outage, carrier change, or help desk ticket.
The business decision is ownership
The decision is not whether Zoom is right to retire older device support. Vendors have to move away from older security requirements. The business decision is who owns the review before the deadline becomes an interruption.
For many small and mid-sized organizations, the voice system sits between several parties: the cloud phone vendor, the MSP, the telecom consultant, the cabling vendor, the copier or fax vendor, and whoever originally ordered the phones. That creates a familiar gap. Everyone assumes someone else has the asset list.
This is where a quiet release note can turn into a budget surprise. Replacing a few desk phones is one thing. Discovering that common-area phones, adapters, or specialty lines are tied to aging hardware during a support incident is another.
Questions to ask the IT or voice provider
- Do we use Zoom Phone, and are any AudioCodes or Poly models in the decertification scope?
- Has the Zoom admin portal shown any banner or email notice for affected devices?
- Do we have an inventory of desk phones, common-area phones, conference room phones, lobby phones, fax adapters, paging adapters, and ATA gateways?
- Which devices can continue safely, which need replacement, and what is the replacement timeline?
- Could any affected device fail to reconnect after a reset, office move, firmware issue, or re-provisioning request?
- Who is responsible for budgeting and scheduling replacements: the MSP, telecom provider, internal team, or business owner?
A practical next step
Ask for a one-page phone hardware inventory and lifecycle note. It does not need to be fancy. It should list device model, location, user or function, support status, replacement recommendation, expected deadline, and owner for the next action.
That simple document turns a vendor release note into a manageable business decision. The old phone on the front desk may still ring, but that does not mean it belongs outside the replacement plan.
Sources and further reading
