Q
Get started Bring yourself up to speed with our introductory content.

How do you deploy and secure Lync for mobile?

How do you extend Lync to mobile devices and ensure its security? Unified messaging expert Richard Luckett explains how to make Lync mobile and secure.

To support Lync for mobile devices, Microsoft first introduced Mobility Service and Autodiscover Service as add-on...

features for Lync Server 2010 in November 2011. The mobility service enabled Lync Server organizations to support iPhone, iPad, Android, Windows Phone and Nokia devices. The Autodiscover Service allowed mobile devices to locate Lync Server from internal or external networks.

Microsoft then built these features into Lync Server 2013 when it introduced its Unified Communications Web API (UCWA) to support the Lync 2013 mobile client’s enhanced features -- like VoIP and video for meetings.

In conjunction with the release of the mobility service, Microsoft launched Lync mobile client applications for the devices. The features and capabilities vary across different mobile client versions and devices. Mobile device capabilities are grouped together in the following areas: archiving/compliance, conferencing, contacts, enhanced presence, external users, instant messaging, Lync-to-Lync A/V, sign-in/out and push notifications, and telephony.

Microsoft offers a detailed comparison of its mobile clients and the Lync 2013 desktop client. Another key component in extending Lync to a mobile device is the Push Notification Service, which is hosted by Microsoft and is required by the Lync 2010 mobile client for iOS devices and the 2010 and 2013 Windows Phone mobile clients. Without the Microsoft Push Notification Service and Apple Push Notification Service, inactive devices would not be able to receive and respond to IM invitations and other events. The Apple Push Notification Service is no longer required for iOS devices running the Lync 2013 mobile client.

Ensuring Lync is secure on mobile

To make sure Lync is secure on mobile devices, administrators must properly configure their public and private domain name system (DNS) to support the Autodiscover Service. The Autodiscover Service is not only used by mobile clients, but by Lync 2013 desktop clients to configure the clients with the information they need to connect to the server. If a client is external, it will look for the lyncdiscover.sipdomain.tld record in the public DNS. If the client is internal, it will need to resolve to the lyncdiscoverinternal.sipdomain.tld record in the private DNS. In both cases, Lync clients depend on a reverse proxy server to connect them to the mobility service, which is only enabled in the external Web services directories on the Lync servers.

One of the keys to securing mobile clients is through the proper deployment of certificates on the Lync servers. Another aspect of mobile device security is determining which users will be able to have access to the mobility features. Using Lync's mobility policy, an administrator can govern the use of features. These policies are managed within the Lync Server Management Shell Policy. Policy options include: AllowExchangeConnectivity, AllowSaveCallLogs, AllowSaveCredentials, AllowSaveIMHistory, EnableMobility, EnableOutsideVoice, EnableIPAudioVideo, RequireWiFiForIPAudio, RequireWiFiForIPVideo, RequireWiFiForSharing.

Two policy options pertain directly to the security of the mobile clients. When a mobile client authenticates with Lync Server, it will potentially use an NT LAN Manager. To reduce the exposure of these credentials, it is possible to prevent a device from storing the credentials by setting AllowSaveCredentials to $False. To prevent multiple authentication attempts from a mobile client to the Exchange server, it is possible to disable the Exchange Web Services (EWS) from the mobile client by setting the AllowExchangeConnectivity to $False. Just beware that this will disable voicemail in email and meeting links in the calendar, which may not be what you want. For more on this topic see Securing external and mobile access in Lync 2013.

Do you have a question for Richard Luckett or any of our other experts? Ask your enterprise-specific questions today. (All questions are treated anonymously.)

Next Steps

Cisco and Microsoft's mobile market battle

How Lync measures up in the marketplace

This was last published in February 2015

Dig Deeper on Mobile Unified Communications Applications

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you use Microsoft Lync for mobile? Why or why not?
Cancel
Lync for Mobile is used across the organization, but not by everyone, nor is it standard. This is mostly because the mobile versions have been buggy, with numerous connectivity issues reported, for both iOS and Android devices, when it was first made available to employees. I think the experience has improved somewhat since then, but now its use needs to overcome the bad perception most employees have of the mobile version. I think it will help now that our implementation of Lync has been fully integrated with our Polycom system.
Cancel
We have made the decision not to use Lync for mobile because it seems unnecessary. The mobile devices already employed by our staff and workers have a system that allows simultaneous syncing to each other and to the main office system. Adding Mobile Lync at this point is an unneeded redundancy. It would also require staff training and education, both unneeded time wasters.
Cancel

-ADS BY GOOGLE

SearchCRM

SearchNetworking

SearchSDN

SearchTelecom

SearchITChannel

Close