Security Features SkypeShield offers the following security features for mobile, tablets and desktops:
Active Directory Credentials Protection – defining dedicated Skype for Business credentials that are different from the Active Directory credentials to minimize damage and risk in case of a stolen or lost device, or if the credentials are hacked. Two Factor Authentication – By matching the device and user, the organization can limit user’s access to Skype for Business servers by using only corporate devices or specific devices that meet the company’s security requirements. Block DDoS attacks & Prevent Account Lockout – prevent account lockout situation in a Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS) and brute force attacks on Skype for Business servers, or in case of domain password change. Reverse Proxy Publishing – scalable, event-driven and secure reverse proxy alternative for Microsoft Forefront Threat Management Gateway (TMG) to publish Skype for Business. Restrict Lync to Managed Devices – enable limited access to the organization’s Skype for Business server only to corporate devices by restricting the registration process to be completed from a specific network (IP range Filtering). The IPF can be implemented at the registration process or during the ongoing usage of Skype for Business. Smart Card Login – offer a solution for organizations with a network policy requiring smart card login to allow authentication and user pf mobile Skype for Business. RSA Token Authentication – eliminate the need to use AD credentials for users of secure tokens wishing to connect to Skype for Business servers from external devices and enable Two Factor Authentication based on the token. Lync Edge Access Control – allow secure connectivity to Skype for Business Edge servers from desktops and laptops outside the organization’s network while eliminating the risk of account lockout and verifying that only a registered client can access. EWS Protection – protect the Exchange Web Services (EWS) against account lockout and limit the access to the EWS only from registered device (TFA).