How to limit Skype for Business usage only to devices with MDM?

­One of the main security challenges many organizations using Skype for Business (Lync) are facing is the need to restrict workers to using Skype on managed devices only.

Many enterprises require that Skype access would be limited to managed devices with installed corporate Mobile Device Management (MDM) software only. These organizations want to verify that these devices meet the company’s security requirements and that using Active Directory (AD) credentials for Skype is only done from a device that is compatible with the company’s security policy.

SkypeShield already has offered one approach based on certificate enrollment. However based on customer feedbacks AGAT Software has extended the solution with the new innovative approach of MDM Binding solution, and now offer a suite that can fit all needs to limits Skype usage only to devices with MDM installed.

Skype for Business MDM Binding

The new solution is compatible with leading MDM vendors including AirWatch, MobileIron, IBM MaaS360, Good Technology and XenMobile.

SkypeShield’s solution offers several deployment approaches to fit the specific MDM implementation. It can be implemented based on one of the following MDM capabilities:

  • Certificate enrollment
  • VPN access control
  • Mobile Application Management (MAM)

It should be noted, that Implementation based on MAM capabilities requires using SkypeShield’s mobile app for Skype usage. In this case, SkypeShield’s server expects to obtain an encrypted background handshake request from the mobile app once the Skype client starts. As a result, only devices with the SkypeShield app can connect to corporate Skype servers.

By implementing the new solution, corporate clients can benefit from Multi-factor authentication (MFA) by adding two additional factors besides the password. The solution offers a high security level by preventing authentication in case of Man ­in­ the­ Middle (MITM) attacks.