Tom Talks Microsoft Teams and Skype for Business thoughts and news

Skype for Business Server 2015 CU7 Now Supports Blocking external NTLM (username/password auth) for Security

An open potential issue with SfB server has been the potential to get a list of accounts, try lots of random passwords and lock those accounts out.

With the new Get/Set-CsAuthConfig cmdlets in CU7, you can shut down NTLM and Forms Based Auth externally.

For more PowerShell information:

Then, you configure your servers to only accept Certificate Based Auth externally. (NOTE: You need Modern Authentication to use CBA.)

Now username/password auth is disabled, your users use Certificate Based Auth to get in externally

Here is an article that explains the details: https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/modern-authentication/turn-on-modern-auth

Original Microsoft post: https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/SfB-Server-Now-Supports-Blocking-NTLM-Externally/ba-p/261696

About the author

Tom Arbuthnot

Tom Arbuthnot is Principal Solutions Architect at Unified Communications specialist Modality Systems. He is a Microsoft Certified Master and MVP, blogger, has a regular podcast with UCToday at tomtalks.show and is a regular speaker at events including Microsoft TechEd and Ignite. He co-runs The Microsoft UC User Group London.

Add comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Tom Talks Microsoft Teams and Skype for Business thoughts and news