# Disable Configuration File Encryption for Yealink IP Phones

By default, Cloud Voice encrypts the configuration files it hands out to Yealink IP phones during auto provisioning. Auto provisioning is the process where the phone system automatically pushes its settings (network options, feature keys, and account details) to each phone, so you do not have to program every handset by hand. If your phones cannot decrypt those files, you can switch encryption off for every Yealink device at once so provisioning still works.

## Why disable encryption

When a Yealink phone auto provisions, Cloud Voice normally builds an encrypted configuration file. The phone has to recognize and decrypt that file before it can apply any of the settings inside.

Some Yealink models do not support this decryption. In that case, turning off encryption tells Cloud Voice to publish plain, unencrypted configuration files instead, which the phones can read and apply directly. Besides fixing provisioning on those devices, this makes Hot Desking (where a user signs in to any shared desk phone and their own extension follows them) more reliable, and it makes configuration issues easier to diagnose because you can read the file contents directly.

:::caution
This is a system-wide switch: it turns encryption off for every Yealink phone on the platform, not just the one that is failing. Unencrypted files are also less protected than encrypted ones, since anyone who can read a config file can see the settings inside it. Only disable encryption if you have confirmed that your phones cannot decrypt the files, and leave it on otherwise.
:::

## Before you begin

Your platform must be running firmware version **84.23.0.24** or later.

:::note
On older firmware the encryption option will not appear in the phone list settings. If you cannot find it in the steps below, check your firmware version first and upgrade if needed.
:::

## Turn off encryption

1. Sign in to the Cloud Voice management portal and open **Auto Provisioning > Phones**.
2. Above the phone list, click **Options**.

   ![The Options button at the top of the auto provisioning phone list](/images/pbx/option-random-password.png)

3. In the dialog that opens, clear the **Enable Yealink Phone Configuration File Encryption** checkbox.

   ![The encryption checkbox cleared in the phone options dialog](/images/pbx/disable-yealink-phone-configuration-file-encryption.png)

4. Click **Save**.

## What happens next

From now on, Cloud Voice generates unencrypted configuration files for all Yealink IP phones during auto provisioning. The phones download and apply their settings directly, with no decryption step required.

:::tip
Phones that were already provisioned keep using their current files until they provision again. To apply the change to a phone that is online now, re-provision or reboot it so it fetches a fresh, unencrypted file.
:::
