Microsoft Teams is without a doubt one of the top collaboration platforms out there. Their users love hosting meetings and its deep integrations with other Microsoft products for intuitive collaboration. One of the issues that usually comes around is that companies start using it without having a good notion of how MS Teams should be […]
How to secure usage of Skype for Business over Virtual Private Networks
Following Microsoft’s recommendation to keep all voice and video traffic going through the Edge and not over the VPN, SkypeShield has launched a new authentication solution for safe usage of Skype for Business (Lync) on Virtual Private Networks (VPN).
Deploying Skype for Business over VPN usually causes quality decrease and latency of the service because of double encryption of the Skype for Business traffic over VPN. The new Skype for Business over VPN hybrid solution solves this problem by splitting the traffic.
Establishing the connection goes through VPN while audio/video traffic is routed through the Edge over the Internet as required by Microsoft. SkypeShield’s innovative solution does not require any changes in the VPN infrastructure (split tunneling).
Companies using VPN, are looking to take advantage of the secure infrastructure already in use for deploying Skype for Business. This can offer device access control because typically the VPN access is controlled by MDM and certificate that are available only to corporate devices.
SkypeShield’s hybrid solution splitting the requiring authentication traffic to go through VPN and routing the majority of the Video/Audio traffic to go through the Edge over the internet as designed by Microsoft. This solution does not require any changes in the VPN infrastructure.
By implementing the new solution, organizations can verify that only devices with corporate VPN access can connect to Skype for Business to complete the authentication process. At the same time, it enables the transfer of the majority of Skype for Business traffic (audio/video) to pass through the Internet resulting in optimal user experience.
From an end user prospective the transition between the VPN tunnel for authentication and the Internet for ongoing usage is automatically performed by SkypeShield to preserve optimal user experience. By using this approach, SkypeShield can redirect any unregistered device to the VPN for registration. Once the device has accessed SkypeShield, via the VPN, the device is registered. The Skype for Business client is then redirected to continue the remainder of the session outside the VPN.
SkypeShield’s solution can be configured to require VPN access at every authentication attempt or only once for registration. In such a case, the device will require no VPN access in subsequent sessions as it will already be registered with SkypeShield.
Requiring VPN access at each authentication attempt offers a three-factor authentication based on credentials, device and VPN access.