Skype for Business security challenges – part 2

This is the second part of the topic ‘enhancing Skype for Business environment’. In case you missed it, check part 1 to get the full picture.

This one will be shorter and quick to read. It’s about the authentication of your user accounts. I will write in the form of questions and not go through descriptions; the idea is to make you reflect on the topic.

And now, how can I:

  • enable multi-factor authentication (e.g. RSA keys, biometrics, passwordless, …) on SfB clients?
  • limit which specific mobile devices can connect to SfB (e.g. iPhone 10.2.1 only, block Huawei devices)?
  • log in to SfB with credentials different from my domain ones?
  • prevent the user from saving credentials locally on any device?
  • restrict a user to signing in on a maximum of two different mobile devices?
  • prevent two or more users from signing in from the same mobile device?
  • limit users to signing in from specific locations/networks (e.g. an employee's service tablet only inside the sales store Wi-Fi), and block sign-ins from specific countries?

A little side topic: if by this time you have the idea that ‘Skype for Business’ and MS are insecure… well, most of these challenges can also be observed in the main competitors 🙂


5 thoughts on “Skype for Business security challenges – part 2”

  1. Konstantin 31/03/2019 / 19:17

    login in SfB with different credentials than my Domain?
    prevent the user to save credentials locally on any device?
    restrict a user can sign-in on a maximum of two different mobile devices

    … and make your user's life miserable.
    It is always a balance between convenience and security. I’d recommend checking your policies and implementing ATA.

    • LuisR 31/03/2019 / 21:26

      Hi Konstantin,
      First, thanks for your feedback.

      The statements that I wrote are based on real-life feedback; that doesn’t mean that I follow or agree with them.
      Agree: the end user is the key balance for your deployments. While I don’t believe that different credentials will improve security (the person will probably just repeat the account name or password after all), as an end user myself I would feel much safer if I knew that the only devices on which I could use the SfB (or email) client were my personal mobile devices.
      Your ATA suggestion is also one of the several measures to ensure a safe environment for both users and IT admins.

  2. Skype4BAdmin.com 06/04/2019 / 16:37

    There is a 3rd-party reverse proxy app, known as Skype shield, that solves most of these issues. There are also policies that can be set on the server/client to enable modern authentication for cloud-homed users. These support MFA and Office 365’s threat protection. With a little work, Skype can be a lot more secure. But as usual, it comes down to the admin that installs it.
