At one point or another, we’ve all used the Meet Now tool in Lync/Skype for Business. It’s convenient—one click and you have a ready-and-waiting meeting space. Pull it some co-workers and you can discuss the current project right away.

This is possible because Meet Now is, in a sense, a low-security tool. It bypasses some Skype for Business security, starting up a public meeting that’s open to everyone. No lobby. Come right in.

I bring this up because recently, we had a customer ask us about their Skype Meetings. Essentially, they wanted to take the Meet Now security level and apply it to all of their future Skype Meetings.

No waiting in a virtual Lobby.
No authentication before joining.
Open to everyone.

The first thing we did was tell them two things. One, we could do this. Two, we did not recommend doing it!

Public Meeting Access = Potential for Security Issues

There’s no setting for “totally public” meetings via PowerShell or the Control Panel. But it IS possible to manually configure Skype for Business like this.

The question is, should you?

Allowing anyone to join a meeting, at any time, with no access restrictions introduces all of these security risks.

  • Breach of confidentiality
  • Introduction of dangerous code
  • Theft of intellectual property
  • Compliance violation

We recommend AGAINST this course of action. But if you do want to configure your Skype Meetings as totally public – and you understand the security risk this creates – here’s how to do it.

How to Open Skype Meetings to the Public

If you only want to set an individual Skype Meeting as public, all you need to do is modify its options.

When you create a new Skype Meeting, click the Meeting Options button in the ribbon.

Skype Meeting Options Button

The Options window will open. You’ll see Permissions by default. There are two choices:

  1. A new meeting space (I control permissions), and
  2. My dedicated meeting space (less secure).

Option 2 uses the same meeting space on the server every time. It also grants everyone in the organization Presenter access.
Skype Meeting Options - Less Secure
Note that the option to control who has to wait in the lobby is grayed out.

Option 1 uses a new meeting space on the server. This is more secure, but it also enables you to control who has to wait in the lobby. If you select “Anyone (no restrictions)” then nobody does. Everyone gets in right away, express lane, no waiting.

Skype Meeting Options - More Secure
This is the option we recommend customers use.

Finally, if you want to use the same settings for all of your future Skype Meetings, click the “Remember Settings” button next to the OK.

=====
Remember, this only works for this one Skype Meeting. To make all Skype Meetings totally public by default, you’ll have to modify your Skype for Business Meeting Policy.

First, determine whether you’re changing Meeting Policy Options globally, or by site.

To modify globally, the PowerShell cmdlet to employ is: Set-CsMeetingConfiguration
To modify by site, the cmdlet is: Set-CsMeetingConfiguration -Identity site:[SITENAME]

More on Set-CsMeetingConfiguration from TechNet.

These are the parameters to use.

AssignedConferenceTypeByDefault. True/False. If set to True, scheduled Skype Meetings are set as Public – the conference ID and meeting space URL are the same every time. Just like “My dedicated meeting space” above. If set to False, scheduled Skype Meetings are private, with a new meeting ID & URL each time (just like “A new meeting space” above).

Default is $true. This is a default with which we don’t agree; we prefer (and recommend) customers set to $false and use new meeting spaces each time. But if you want public meetings, you can leave it on default.

Example: Set-CsMeetingConfiguration -AssignedConferenceTypeByDefault $true

PstnCallersBypassLobby. True/False. Should you automatically admit dial-in (PSTN) attendees? No Lobby? If set to True, then attendees calling in go right into the Skype Meeting. If set to False, then PSTN attendees arrive in the Lobby.

Default is $true. Again, a default we recommend changing for security. But if you want the convenience of no lobby waiting, then set to $false.

Example: Set-CsMeetingConfiguration -PstnCallersBypassLobby $true

AdmitAnonymousUsersByDefault. True/False. Will you allow anonymous users into your Skype Meetings? If set to True, then yes, anonymous users can come right in. If set to False, anonymous users are shut out at the door. Default is $true (grumble).

Example: Set-CsMeetingConfiguration -AdmitAnonymousUsersByDefault $false

If you wanted to combine all these parameters, the statement would read like this (assuming a global policy change):
Set-CsMeetingConfiguration -AssignedConferenceTypeByDefault $true -PstnCallersBypassLobby $true -AdmitAnonymousUsersByDefault $true

skypemeetingoptions_cmdlet

Further details on these parameters at Andrew Morpeth’s blog: Lync 2013 Meeting Options Policies – UC Geek

Use Caution When Changing Meeting Policy

Once again, we recommend against opening all Skype Meetings to the public. Sure, doing it occasionally for important discussions is fine. Leaving all Skype Meetings open by default, however, invites security breaches you won’t even know about until it’s too late.

Normally, we change all of these options for customers before finishing deployment. We inform the customer, of course, and if they do choose to re-enable an option in Meeting Policy, we advise them of the security risk. That’s our job.

Have you ever experienced a security issue from your Skype Meetings? If so, please comment or email your experience. I’d like to examine this angle further. See what more we as admins can do.

How to Open Your Skype Meetings to the Public (But You’ll Risk Security)
Facebooktwittergoogle_plusredditlinkedinmail

2 thoughts on “How to Open Your Skype Meetings to the Public (But You’ll Risk Security)

  • May 13, 2016 at 9:45 am
    Permalink

    nifty – options I didn’t realize I had. Definitely looking to go more public with these options –especially for sales and marketing teams

    Reply
  • May 14, 2016 at 2:00 am
    Permalink

    I’ve recently had to reconfigure meetings a similar way for a client of mine. I also reccomend enabling the join announcement. This gives a very similar expierence to most dial in conferencing bridges. With the unique meeting space option enabled the meeting space URL changes each time the user kicks off a new meeting. Thus makes it more secure than most “traditional” bridges. This is not as secure as skype4b can be. But good enough for most businesses

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *