blue-lineSecure Skype for Business

SkypeShield is an innovative solution that guarantees secure mobile and external Skype for Business (Lync) connectivity. SkypeShield allows users to safely connect to Microsoft servers from smartphone, tablets, desktop PCs and any other device outside the organization.
Connecting to a Skype for Business server using the Skype for Business client from smartphones, tablets and any other external device outside the organization might raise new security issues. To mitigate the risks and allow workers to safely connect, SkypeShield has developed an innovative solution that prevents unauthorized devices from penetrating the corporate network and protects the Active Directory.

Security Features

SkypeShield offers the following security features for mobile, tablets and desktops:

Active Directory Credentials Protection – defining dedicated Skype for Business credentials that are different from the Active Directory credentials to minimize damage and risk in case of a stolen or lost device, or if the credentials are hacked.

Two Factor Authentication – By matching the device and user, the organization can limit user’s access to Skype for Business servers by using only corporate devices or specific devices that meet the company’s security requirements.

Block DDoS attacks & Prevent Account Lockout – prevent account lockout situation in a Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS) and brute force attacks on Skype for Business servers, or in case of domain password change.

Reverse Proxy Publishing – scalable, event-driven and secure reverse proxy alternative for Microsoft Forefront Threat Management Gateway (TMG) to publish Skype for Business.

Skype for Business over VPN – using Skype for Business on Virtual Private Networks (VPN) in a seamless user experience without compromising on quality of service.

Smart Card Login – offer a solution for organizations with a network policy requiring smart card login to allow authentication and user pf mobile Skype for Business.

RSA Token Authentication – eliminate the need to use AD credentials for users of secure tokens wishing to connect to Skype for Business servers from external devices and enable Two Factor Authentication based on the token.

Edge Access Control – allow secure connectivity to Skype for Business Edge servers from desktops and laptops outside the organization’s network while eliminating the risk of account lockout and verifying that only a registered client can access.

EWS Protection – protect the Exchange Web Services (EWS) against account lockout and limit the access to the EWS only from registered device (TFA).

MDM Binding – restrict workers to using Skype for Business on managed devices only.

Architecture

SkypeShield is a server side solution that does not require any additional installation on mobile client.
The product is available on Microsoft TMG or on Bastion – a dedicated reverse proxy included as part of the solution.
The product can be implemented in an existing environment using already other network proxies such as F5 or Netscaler.

security-big-pic