Addressing Threats to On-Premises Conferences for Lync Server 2010
Topic Last Modified: 2011-05-02
Microsoft Lync Server 2010 provides the capability for enterprise users both inside and outside the firewall to create and join real-time Web conferences (meetings) that are hosted on internal Lync Server 2010 servers. Enterprise users can also invite external users who do not have an Active Directory Domain Services account to participate in these meetings. Users who are employed by federated partners with a secure and authenticated identity can also join meetings and, if promoted, can act as presenters. Anonymous users cannot create or join a meeting as a presenter, but they can be promoted to presenter after they join.
On-premises Web conferencing is built on top of the Lync Server 2010 basic security framework:
- All servers are trusted. 
- All server connections and communications between collocated components are MTLS. 
- All communications are encrypted. 
- All users are authenticated. 
Enabling outside users to participate in on-premises meetings greatly increases the value of this feature, but it also entails some security risks. To address these risks, Lync Server provides the following additional safeguards:
- Participant roles determine conference control privileges. 
- Participant types allow you to limit access to specific meetings. 
- Defined meeting types determine which types of participants can attend. 
- Conference scheduling is restricted to users who have Active Directory credentials in the internal network and are enabled for Lync Server 2010. 
- Anonymous, that is, unauthenticated, users who want to join a dial-in conference dial one of the conference access numbers and are then prompted to enter the conference ID. Unauthenticated anonymous users are also prompted to record their name. The recorded name identifies unauthenticated users in the conference. Anonymous users are not admitted to the conference until at least one leader or authenticated user has joined, and they cannot be assigned a predefined role. 
Participant Roles
Meeting participants fall into three groups, each with its own privileges and restrictions:
- Organizer. The user who creates a meeting, whether impromptu or by scheduling. An organizer must be an authenticated enterprise user and has control over all end-user aspects of a meeting. 
- Presenter. A user who is authorized to present information at a meeting, using whatever media is supported. A meeting organizer is by definition also a presenter and determines who else can be a presenter. An organizer can make this determination when a meeting is scheduled or while the meeting is under way. 
- Attendee. A user who has been invited to attend a meeting but who is not authorized to act as a presenter. 
A presenter can also promote an attendee to the role of presenter during the meeting.
Participant Types
Meeting participants are also categorized by location and credentials. You can use both of these characteristics to specify which users can have access to specific meetings. Users can be divided broadly into internal and external users:
- Internal users have Active Directory credentials within the enterprise and connect from locations inside the corporate firewall. 
- External users are those who temporarily or permanently connect to an enterprise from locations outside the corporate firewall. They might have Active Directory credentials. Lync Server 2010 provides conferencing support for the following types of external users: 
  - Remote users who have a persistent Active Directory identity within the enterprise. They include employees who are working at home or on the road, and others, such as employees of trusted vendors, who have been granted enterprise credentials for their terms of service. Remote users can create and join conferences and act as presenters. 
  - Federated users possess valid credentials with federated partners and are therefore treated as authenticated by Lync Server 2010. Federated users can join conferences and be promoted to presenters after they have joined the meeting, but they cannot create conferences in enterprises with which they are federated. 
  - Anonymous users do not have an Active Directory identity and are not federated with the enterprise. 
Customer data shows that many conferences involve external users. Those same customers also want reassurance about the identity of external users before allowing those users to join a conference. As the following section describes, Lync Server 2010 limits meeting access to those user types that have been explicitly allowed and requires all user types to present appropriate credentials when entering a meeting.
Participant Admittance
In Lync Server 2010, anonymous users and participants for whom authentication fails are transferred to a waiting area called the lobby. Presenters can then either admit these users to the meeting or reject them. This means that anonymous users and participants who use dial-in conferencing but for whom authentication fails no longer need to disconnect and retry. These users are transferred to the lobby, the leader is notified, and the users then wait until a leader either accepts or rejects them or their connection times out. While in the lobby, the users hear music. By default, participants dialing in from the PSTN go directly to the meeting, but this option can be changed to force dial-in participants to go to the lobby. Meeting organizers control whether participants can join a meeting without waiting in the lobby. Each meeting can be set up to enable access using any one of the following methods:
- Organizer only (locked). Everyone except the organizer must wait in the lobby until admitted. 
- People I invite from my company. Everyone except participants on the distribution list for the meeting must wait in the lobby until admitted. 
- People from my company. All internal users can join the meeting without waiting in the lobby, even those who are not on the distribution list. All others, including all external and anonymous users, must wait in the lobby until admitted. 
- Everyone including people outside my company (there are no restrictions). Everyone who joins the meeting bypasses the lobby and goes directly to the meeting. 
When any method except Organizer only (locked) is specified, the meeting organizer can also specify People dialing in by phone bypass the lobby.
Presenter Capabilities
Meeting organizers control whether participants can present during a meeting. Each meeting can be set up to limit presenters to any one of the following:
- Organizer only. Only the meeting organizer can present. 
- People from my company. All internal users can present. 
- Everyone including people outside my company (there are no restrictions). Everyone who joins the meeting can present. 
- People I choose. The meeting organizer specifies which users can present by adding them to a list of presenters.
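The lobby options in Participant Admittance and the presenter options above interact with participant type, the distribution list and the PSTN bypass setting. The following model is an added illustration, not Microsoft code or a Lync Server API: it encodes those rules as two decision functions so an administrator can check, for a given meeting setup, who reaches the meeting directly and who can present. The participant type labels, the `pstn_bypass` and `authenticated_present` flags, and the option names are assumptions chosen for the model; "my company" is read as the page's internal users.

```python
from dataclasses import dataclass

# Access methods from "Participant Admittance" (names chosen for the model).
LOCKED, INVITED, COMPANY, EVERYONE = "locked", "invited", "company", "everyone"
# Presenter options from "Presenter Capabilities".
P_ORGANIZER, P_COMPANY, P_EVERYONE, P_CHOSEN = "organizer", "company", "everyone", "chosen"


@dataclass
class Participant:
    name: str
    kind: str              # organizer | internal | remote | federated | anonymous
    invited: bool = False  # on the meeting's distribution list
    dial_in: bool = False  # joined from the PSTN via a conference access number


def lobby_decision(p, access, pstn_bypass=True, authenticated_present=True):
    """Return 'admit' or 'lobby' for a participant joining the meeting.

    pstn_bypass models "People dialing in by phone bypass the lobby" (the
    text says PSTN callers go straight in by default); authenticated_present
    models the rule that an anonymous user waits until a leader or an
    authenticated user has joined.
    """
    if p.kind == "organizer":
        return "admit"
    if p.kind == "anonymous" and not authenticated_present:
        return "lobby"
    if access == LOCKED:
        return "lobby"                      # everyone but the organizer waits
    if p.dial_in and pstn_bypass:
        return "admit"                      # phone bypass only for unlocked meetings
    if access == INVITED:
        return "admit" if p.invited else "lobby"
    if access == COMPANY:
        return "admit" if p.kind == "internal" else "lobby"
    return "admit"                          # EVERYONE: no restrictions


def can_present(p, option, chosen=()):
    """Return True if the participant may present under the selected option."""
    if p.kind == "organizer":
        return True                         # the organizer is always a presenter
    if option == P_ORGANIZER:
        return False
    if option == P_COMPANY:
        return p.kind == "internal"
    if option == P_CHOSEN:
        return p.name in chosen             # explicit presenter list
    return True                             # P_EVERYONE: anyone who joined
```

Note that with the default PSTN bypass an anonymous caller reaches a "People from my company" meeting directly; disabling the bypass is what forces such callers into the lobby.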