­One of the main security challenges many organizations using Skype for Business (Lync) are facing is the need to restrict workers to using Skype for Business on managed devices only.

Many enterprises require that Skype for Business access would be limited to managed devices with installed corporate Mobile Device Management (MDM) software only. These organizations want to verify that these devices meet the company’s security requirements and that using Active Directory (AD) credentials for Skype for Business is only done from a device that is compatible with the company’s security policy.

To meet this challenge, SkypeShield offered an approach based on certificate enrollment. However, based on customer feedbacks the company has decided to extend the solution with the new innovative approach of MDM Binding solution. SkypeShield now offers a suite that can fit all needs to limit Skype for Business usage only to devices with MDM installed.

The new solution is compatible with leading MDM vendors including AirWatch, MobileIron, IBM MaaS360, Good Technology and XenMobile.

SkypeShield’s solution offers several deployment approaches to fit the specific MDM implementation. It can be implemented based on one of the following MDM capabilities:

• Certificate enrollment
• VPN access control
• Mobile Application Management (MAM)

It should be noted, that Implementation based on MAM capabilities requires using SkypeShield’s mobile app for Skype for Business usage. In this case, SkypeShield’s server expects to obtain an encrypted background handshake request from the mobile app once the Skype for Business client starts. As a result, only devices with the SkypeShield app can connect to corporate Skype for Business servers.

By implementing the new solution, corporate clients can benefit from Multifactor Authentication by adding two additional factors besides the password. The solution offers a high security level by preventing authentication in case of Man ­in­ the­ Middle (MITM) attacks.