locked
GPO policy do we need for Skype for Business for Client RRS feed

  • Question

  • What GPO policy do we need for Skype for Business for Client and server.

    • What we will have to implement and impacts on other areas.
    • e.g mobility policy was modified to default not allow unless MDM managed.
    • Also what is the impact two factor authentication if our client requires this authentication

    Thanks a lot

    Thursday, March 31, 2016 8:02 AM

Answers

  • Hi Roger, 

    Client policies help determine the features of Skype for Business Server 2015 that are made available to users. GPO is not really required to control client. If any specific requirement in your company need custom registry changes then you can look for a GPO. 
    https://technet.microsoft.com/en-us/library/gg425949.aspx?f=255&MSPPError=-2147217396


    Two factor authentication. 
    Key Note if all users are not sing 2F auth- DNS records used by internal and/or external clients to discover Skype for Business services should be configured to resolve to a Skype for Business server that is not enabled for two-factor authentication. With this configuration, users from Skype for Business Pools that are not enabled for two-factor authentication will not be required to enter a PIN to authenticate, while users from Skype for Business Pools that are enabled for two-factor authentication will be required to enter their PIN to authenticate.


    While implementing MDM the request always goes to a MDM shield which in-turn process the authentication request for your clients. So i don't think you may need any policy for client version in the server side. 
    Something similar-  http://mobility-shield.com/mdm-binding/

    Regards
    Anoop Karikuzhiyil Babu 
    Erstwhile Microsoft Premier Unified Communication Engineer.


    Note: Please remember to mark the replies as answers if they helped, and unmark the answers if they provide no help.

    Thursday, March 31, 2016 9:45 AM