At one point or another, we’ve all used the Meet Now tool in Lync/Skype for Business. It’s convenient—one click and you have a ready-and-waiting meeting space. Pull it some co-workers and you can discuss the current project right away.
This is possible because Meet Now is, in a sense, a low-security tool. It bypasses some Skype for Business security, starting up a public meeting that’s open to everyone. No lobby. Come right in.
I bring this up because recently, we had a customer ask us about their Skype Meetings. Essentially, they wanted to take the Meet Now security level and apply it to all of their future Skype Meetings.
No waiting in a virtual Lobby.
No authentication before joining.
Open to everyone.
The first thing we did was tell them two things. One, we could do this. Two, we did not recommend doing it!
Public Meeting Access = Potential for Security Issues
There’s no setting for “totally public” meetings via PowerShell or the Control Panel. But it IS possible to manually configure Skype for Business like this.
The question is, should you?
Allowing anyone to join a meeting, at any time, with no access restrictions introduces all of these security risks.
- Breach of confidentiality
- Introduction of dangerous code
- Theft of intellectual property
- Compliance violation
We recommend AGAINST this course of action. But if you do want to configure your Skype Meetings as totally public – and you understand the security risk this creates – here’s how to do it.
How to Open Skype Meetings to the Public
If you only want to set an individual Skype Meeting as public, all you need to do is modify its options.
When you create a new Skype Meeting, click the Meeting Options button in the ribbon.
The Options window will open. You’ll see Permissions by default. There are two choices:
- A new meeting space (I control permissions), and
- My dedicated meeting space (less secure).
Option 2 uses the same meeting space on the server every time. It also grants everyone in the organization Presenter access.
Note that the option to control who has to wait in the lobby is grayed out.
Option 1 uses a new meeting space on the server. This is more secure, but it also enables you to control who has to wait in the lobby. If you select “Anyone (no restrictions)” then nobody does. Everyone gets in right away, express lane, no waiting.
This is the option we recommend customers use.
Finally, if you want to use the same settings for all of your future Skype Meetings, click the “Remember Settings” button next to the OK.
Remember, this only works for this one Skype Meeting. To make all Skype Meetings totally public by default, you’ll have to modify your Skype for Business Meeting Policy.
First, determine whether you’re changing Meeting Policy Options globally, or by site.
To modify globally, the PowerShell cmdlet to employ is: Set-CsMeetingConfiguration
To modify by site, the cmdlet is: Set-CsMeetingConfiguration -Identity site:[SITENAME]
More on Set-CsMeetingConfiguration from TechNet.
These are the parameters to use.
AssignedConferenceTypeByDefault. True/False. If set to True, scheduled Skype Meetings are set as Public – the conference ID and meeting space URL are the same every time. Just like “My dedicated meeting space” above. If set to False, scheduled Skype Meetings are private, with a new meeting ID & URL each time (just like “A new meeting space” above).
Default is $true. This is a default with which we don’t agree; we prefer (and recommend) customers set to $false and use new meeting spaces each time. But if you want public meetings, you can leave it on default.
Example: Set-CsMeetingConfiguration -AssignedConferenceTypeByDefault $true
PstnCallersBypassLobby. True/False. Should you automatically admit dial-in (PSTN) attendees? No Lobby? If set to True, then attendees calling in go right into the Skype Meeting. If set to False, then PSTN attendees arrive in the Lobby.
Default is $true. Again, a default we recommend changing for security. But if you want the convenience of no lobby waiting, then set to $false.
Example: Set-CsMeetingConfiguration -PstnCallersBypassLobby $true
AdmitAnonymousUsersByDefault. True/False. Will you allow anonymous users into your Skype Meetings? If set to True, then yes, anonymous users can come right in. If set to False, anonymous users are shut out at the door. Default is $true (grumble).
Example: Set-CsMeetingConfiguration -AdmitAnonymousUsersByDefault $false
If you wanted to combine all these parameters, the statement would read like this (assuming a global policy change):
Set-CsMeetingConfiguration -AssignedConferenceTypeByDefault $true -PstnCallersBypassLobby $true -AdmitAnonymousUsersByDefault $true
Further details on these parameters at Andrew Morpeth’s blog: Lync 2013 Meeting Options Policies – UC Geek
Use Caution When Changing Meeting Policy
Once again, we recommend against opening all Skype Meetings to the public. Sure, doing it occasionally for important discussions is fine. Leaving all Skype Meetings open by default, however, invites security breaches you won’t even know about until it’s too late.
Normally, we change all of these options for customers before finishing deployment. We inform the customer, of course, and if they do choose to re-enable an option in Meeting Policy, we advise them of the security risk. That’s our job.
Have you ever experienced a security issue from your Skype Meetings? If so, please comment or email your experience. I’d like to examine this angle further. See what more we as admins can do.