locked
Skype for business server 2015 - Blocking external users RRS feed

  • Question

  • Hi All,

    I have a on-premise deployment of SFB Server 2015. I wanted to block the external users connectivity (say my domain is ABC.com. so, ABC.com users should not connect with any other SFB user other than this domain) but i want to allow a external user group (ABC.com can only connect to abc.com users & this external group).
    How can i do this in SFB 2015.

    Please Help.

    Thanks,

    Pranay.

    Monday, March 21, 2016 7:06 AM

Answers

  • Hi,

    Base on my understanding, you want your Skype for Business users have the ability to login and IM\chat internal and external the company, also they could only could federation with a special domain.

    If it is the case, then you need to deploy an Edge Server on DMZ zone firstly.

    Then enable remote function for Skype for Business users.

    At latest, enable Federation function to choose only with this special partner Lync environment. Make sure this partner Lync Server environment also enable federation with your SFB environment.

    You can choose "Allowed Partner Server" federation type in the link below:

    https://technet.microsoft.com/en-us/library/jj204800%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    • Proposed as answer by Liinus Tuesday, March 22, 2016 6:56 AM
    • Marked as answer by Eason Huang Thursday, April 7, 2016 3:29 PM
    Tuesday, March 22, 2016 6:35 AM

All replies

  • Hi Pranya,

    Check the setting under federation and external access

    You can disable "enable communications with public users/remote users" in extrernal access policy. You can also federate with a other domain under SIP Federated Domains only for that domain

    See more on technet:

    https://technet.microsoft.com/en-us/library/gg399048%28v=ocs.15%29.aspx

    Sincerly,

    Erdem


    • Proposed as answer by Er-D Monday, March 21, 2016 7:52 AM
    • Edited by Er-D Monday, March 21, 2016 9:22 AM typo
    • Unproposed as answer by Pranay Bhagat Monday, March 21, 2016 10:03 AM
    Monday, March 21, 2016 7:52 AM
  • i think you need to give us example to be more clear, but anyway you could define external access policy and assigned it per user.
    Monday, March 21, 2016 9:11 AM
  • Hi,

    I have blocked the external communication but still i am now able to allow an external public group.

    I don't want federate the entire domain but just a group.

    Thanks,

    Pranay.

    Monday, March 21, 2016 10:08 AM
  • you need info barriers.. one such product is DC Stockade (www.devcentrics.com

    www.rtcpedia.com - A real time communications blog

    Monday, March 21, 2016 10:49 AM
  • can't it be done from SFB 2015 Front end console ?

    Thanks,

    Pranay.

    Monday, March 21, 2016 10:57 AM
  • you could create new user policy and allow for federation access for this policy and assign these public users to it.

    or do vice verse by allow global and disable all other user by user policy.


    • Edited by HamedAdel Monday, March 21, 2016 11:05 AM
    • Proposed as answer by HamedAdel Monday, March 21, 2016 11:11 AM
    • Unproposed as answer by HamedAdel Monday, March 21, 2016 11:11 AM
    • Proposed as answer by HamedAdel Monday, March 21, 2016 11:11 AM
    • Unproposed as answer by Pranay Bhagat Monday, March 21, 2016 6:01 PM
    Monday, March 21, 2016 11:01 AM
  • Hello Pranya, 

    What do you mean exactly by Public group (do they belong to different domain users ) ?


    Linus

    Monday, March 21, 2016 1:29 PM
  • Yes, they belong to a different domain.

    What i wanted to know was do i need to add external users first in Skype for business front end server & then add them to external user policy ?

    Please suggest.

    Thanks,

    Pranay.

    Monday, March 21, 2016 4:55 PM
  • Hi,

    Base on my understanding, you want your Skype for Business users have the ability to login and IM\chat internal and external the company, also they could only could federation with a special domain.

    If it is the case, then you need to deploy an Edge Server on DMZ zone firstly.

    Then enable remote function for Skype for Business users.

    At latest, enable Federation function to choose only with this special partner Lync environment. Make sure this partner Lync Server environment also enable federation with your SFB environment.

    You can choose "Allowed Partner Server" federation type in the link below:

    https://technet.microsoft.com/en-us/library/jj204800%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    • Proposed as answer by Liinus Tuesday, March 22, 2016 6:56 AM
    • Marked as answer by Eason Huang Thursday, April 7, 2016 3:29 PM
    Tuesday, March 22, 2016 6:35 AM