Security framework for Skype for Business Server

This section provides an overview of the fundamental elements that form the security framework for Skype for Business Server. Understanding how these elements work together is essential to making informed decisions about securing your particular Skype for Business Server deployment.

These elements are as follows:

  • Active Directory Domain Services (AD DS) provides a single trusted back-end repository for user accounts and network resources.

  • Role-Based Access Control (RBAC) enables you to delegate administrative tasks while maintaining high standards for security.

  • Public Key Infrastructure (PKI) uses certificates issued by trusted certification authorities (CAs) to authenticate servers and ensure data integrity.

  • Transport Layer Security (TLS), HTTPS over SSL (HTTPS), and mutual TLS (MTLS) enable endpoint authentication and IM encryption. Point-to-point audio, video, and application sharing streams are encrypted using Secure Real-Time Transport Protocol (SRTP).

  • Industry-standard protocols for user authentication, where possible.

  • Windows PowerShell provides security features that are enabled by default so that users cannot easily or unknowingly run scripts.

These fundamental security elements work together to define trusted users, servers, connections, and operations to help ensure a secure foundation for Skype for Business Server.

In this section

The topics in this section describe how each of these fundamental elements works to enhance the security of your Skype for Business Server infrastructure.