Transcript Securing External Access

Lync perimeter—
recommended topology
Adding a Lync Director
Remote access
through VPN
Lync Edge Server in
the topology
Log analysis: candidates
Log analysis: final candidates
Implementing TwoFactor Authentication
authentication
http://en.wikipedia.org/wiki/2FA
Establish a trust partnership from ADFS to Lync Server
Configure ADFS to support client authentication
On Lync Server, disable Kerberos and NTLM, enable Passive Authentication and Certificate Authentication
(Registrar and Web Services)
Configure Lync Server to trust the Federation Service Name of ADFS
Grant desired policies to users
Ensure Autodiscover points to a pool configured for Passive Authentication, or provide manual configuration
http://technet.microsoft.com/en-us/library/dn308569.aspx (generic server configuration for Passive Authentication)
http://blogs.technet.com/b/jenstr/archive/2013/10/09/microsoft-lync-2013-for-mobile-and-passiveauthentication.aspx (step by step configuration for Lync Mobile)
Reverse proxy
http://technet.microsoft.com/en-US/lync/gg131938.aspx
http://blogs.technet.com/b/nexthop/archive/2013/02/19/
using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
http://technet.microsoft.com/en-us/library/dn280944.aspx
http://blogs.technet.com/b/dodeitte/archive/2013/10/29/how-to-publish-lync-server-2013web-services-with-windows-server-2012-r2-web-application-proxy.aspx
Q&A