AGAT


How to limit Skype for Business usage only to devices with MDM?

One of the main security challenges facing many organizations that use Skype for Business (Lync) is the need to restrict workers to using Skype for Business on managed devices only.

Many enterprises require that Skype for Business access be limited to managed devices with corporate Mobile Device Management (MDM) software installed. These organizations want to verify that these devices meet the company’s security requirements and that Active Directory (AD) credentials for Skype for Business are used only from devices that comply with the company’s security policy.

To meet this challenge, SkypeShield offered an approach based on certificate enrollment. However, based on customer feedback, the company has decided to extend the solution with a new, innovative MDM Binding approach. SkypeShield now offers a suite that can fit all needs for limiting Skype for Business usage to devices with MDM installed.

The new solution is compatible with leading MDM vendors including AirWatch, MobileIron, IBM MaaS360, Good Technology and XenMobile.

SkypeShield’s solution offers several deployment approaches to fit the specific MDM implementation. It can be implemented based on one of the following MDM capabilities:

  • Certificate enrollment
  • VPN access control
  • Mobile Application Management (MAM)

Note that implementation based on MAM capabilities requires using SkypeShield’s mobile app for Skype for Business usage. In this case, SkypeShield’s server expects to obtain an encrypted background handshake request from the mobile app once the Skype for Business client starts. As a result, only devices with the SkypeShield app can connect to corporate Skype for Business servers.

By implementing the new solution, corporate clients can benefit from multifactor authentication by adding two additional factors besides the password. The solution offers a high security level by preventing authentication in case of Man-in-the-Middle (MITM) attacks.


New IP filter verifies that only corporate devices can connect to Skype for Business

SkypeShield has added a new strong authentication solution that makes it possible to limit access to the organization’s Skype for Business (Lync) server to corporate devices only, adding another layer of security to the authentication process.

This is done by using an innovative IP Filter (IPF), which was developed by SkypeShield following specific customer requests. SkypeShield’s IPF can be applied at the registration process or during the ongoing usage of Skype for Business.

Filtering at registration controls which devices can complete the registration process, while filtering of ongoing usage controls the locations from which connections are allowed.

By using our IPF, registration can be limited to a specific IP range that is accessible only from within the corporate network, thus blocking attempts to register a device that cannot join the corporate network.

SkypeShield’s IP Filter is an ideal solution for organizations that limit the connection to a specific network by using certificates or Mobile Device Management (MDM) solutions. This allows verifying, for example, that only devices with an installed MDM can use Skype for Business.

Applying the IPF to Skype for Business usage can provide geo-location protection by limiting connections to specific countries based on IP range.
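The two filter stages described above can be modelled as follows. This is an added Python example, not SkypeShield’s code: the `IpFilter` class, the device identifiers and all IP ranges are assumptions constructed for illustration.

```python
import ipaddress

# Constructed policy values (private and documentation ranges, not from the page).
REGISTRATION_RANGES = ["10.20.0.0/16"]  # reachable only from inside the corporate network
USAGE_RANGES = ["10.20.0.0/16", "198.51.100.0/24", "2001:db8:100::/48"]  # e.g. approved countries

def in_ranges(addr, cidrs):
    """True if addr is a valid IP inside any CIDR; malformed input fails closed."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners match IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return any(ip.version == n.version and ip in n for n in nets)

class IpFilter:
    """Hypothetical two-stage filter: strict range to register, wider range to connect."""

    def __init__(self, registration_ranges, usage_ranges):
        self.registration_ranges = registration_ranges
        self.usage_ranges = usage_ranges
        self.registered = set()  # device ids that completed registration

    def register(self, device_id, source_ip):
        # source_ip must be the transport-level peer address seen by the server,
        # not a client-supplied header value, or the check can be bypassed.
        if not in_ranges(source_ip, self.registration_ranges):
            return False
        self.registered.add(device_id)
        return True

    def allow_connection(self, device_id, source_ip):
        # Ongoing usage: device must already be registered and the address allowed.
        return device_id in self.registered and in_ranges(source_ip, self.usage_ranges)

if __name__ == "__main__":
    f = IpFilter(REGISTRATION_RANGES, USAGE_RANGES)
    print(f.register("phone-A", "10.20.5.9"))             # inside corporate range
    print(f.register("phone-B", "198.51.100.7"))          # usage range only
    print(f.allow_connection("phone-A", "198.51.100.7"))  # registered, allowed range
    print(f.allow_connection("phone-A", "203.0.113.50"))  # registered, outside ranges
```

A device that registers from inside the corporate range can later connect from any address in the usage ranges, while a device that never reached the corporate network is rejected at both stages.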


New security solution protects smart card login of Skype for Business mobile users

A growing number of organizations around the world, such as financial institutions and governments, are providing their workers with a smart card device to strengthen the identity authentication process. These organizations are facing a problem while implementing Skype for Business (Lync) mobile authentication requiring the user to enter his or her Active Directory (AD) credentials.

In such organizations, users do not have Active Directory credentials as they use the smart card for authentication instead. This in turn may cause a problem, as Microsoft Skype for Business requires Active Directory (AD) credentials to connect from handheld devices.

To solve this problem, SkypeShield has developed a new security solution for smart card authentication enabling mobile Skype for Business authentication for organizations with a network policy that requires their workers to use smart card login.

SkypeShield’s innovative solution addresses this challenge by applying the authentication process in two separate steps:

• The user creates dedicated Skype for Business credentials from a self-service registration web site after using his/her smart card for authentication to the site from a PC.

• The user then needs to connect his/her mobile device within a limited time frame by entering the dedicated Skype for Business credentials on the mobile device.

SkypeShield’s new solution also addresses account lockout protection and Two Factor Authentication (TFA) for external Skype for Business clients.

“We were approached by customers who couldn’t find a good solution for smart card authentication,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield. “Our simple and easy-to-implement security solution allows organizations to continue maintaining the smart card authentication policy, enabling mobile users to connect to the corporate network from outside the network without using Active Directory credentials.”