blue-lineSecure Lync & Skype Secure Skype for Business Mobile & Desktops Authentication SkypeShield is an innovative solution that guarantees secure mobile and external Skype for Business (Lync) connectivity. SkypeShield allows users to safely connect to Microsoft servers from smartphone, tablets, desktop PCs and any other device outside the organization. Connecting to a Skype for Business server using the Skype for Business client from smartphones, tablets and any other external device outside the organization might raise new security issues. To mitigate the risks and allow workers to safely connect, SkypeShield has developed an innovative solution that prevents unauthorized devices from penetrating the corporate network and protects the Active Directory.

Product Overview Security Features Security Issues

Trial Version More Info

Documents White paperPDF-icon Presentationpowerpoint-icon

Security Features SkypeShield offers the following security features for mobile, tablets and desktops:

Active Directory Credentials Protection – defining dedicated Skype for Business credentials that are different from the Active Directory credentials to minimize damage and risk in case of a stolen or lost device, or if the credentials are hacked. Two Factor Authentication – By matching the device and user, the organization can limit user’s access to Skype for Business servers by using only corporate devices or specific devices that meet the company’s security requirements. Block DDoS attacks & Prevent Account Lockout – prevent account lockout situation in a Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS) and brute force attacks on Skype for Business servers, or in case of domain password change. Reverse Proxy Publishing – scalable, event-driven and secure reverse proxy alternative for Microsoft Forefront Threat Management Gateway (TMG) to publish Skype for Business. Restrict Lync to Managed Devices – enable limited access to the organization’s Skype for Business server only to corporate devices by restricting the registration process to be completed from a specific network (IP range Filtering). The IPF can be implemented at the registration process or during the ongoing usage of Skype for Business. Smart Card Login – offer a solution for organizations with a network policy requiring smart card login to allow authentication and user pf mobile Skype for Business. RSA Token Authentication – eliminate the need to use AD credentials for users of secure tokens wishing to connect to Skype for Business servers from external devices and enable Two Factor Authentication based on the token. Lync Edge Access Control – allow secure connectivity to Skype for Business Edge servers from desktops and laptops outside the organization’s network while eliminating the risk of account lockout and verifying that only a registered client can access. EWS Protection – protect the Exchange Web Services (EWS) against account lockout and limit the access to the EWS only from registered device (TFA).


SkypeShield is a server side solution that does not require any additional installation on mobile client. The product is available on Microsoft TMG or on Bastion – a dedicated reverse proxy included as part of the solution. The product can be implemented in an existing environment using already other network proxies such as F5 or Netscaler. security-big-pic