Exchange Unified Messaging Security Levels

Lync Server 2010

Topic Last Modified: 2011-05-15

Microsoft Lync Server 2010 uses Microsoft Exchange Server 2010, Exchange Server 2010 with Service Pack 1 (SP1), and Microsoft Exchange Server 2007 with Service Pack 2 (SP2) Unified Messaging (UM) to provide voice mail, missed call notification, and auto-attendant services. An Exchange UM dial plan supports three different security levels: Unsecured, SIPSecured, and Secured. You configure security levels by means of the UM dial plan’s VoipSecurity parameter. The following table shows appropriate dial plan security levels depending on whether MTLS, SRTP, or both are enabled or disabled.

Table 1. VoIPSecurity Values for Various Combinations of Mutual TLS and SRTP

Security Level Mutual TLS SRTP





Enabled (required)



Enabled (required)

Enabled (required)

When integrating Exchange UM with Lync Server 2010, you need to select the most appropriate dial plan security level for each voice profile. In making this selection, you should consider the following:

  • MTLS between Exchange UM and Lync Server is the default configuration. Therefore, the dial plan security level of SIPSecured or Secured is recommended. The use of SIP dial plans with a security level of Unsecured is not supported.

  • If you set the dial plan security to SIPSecured, SRTP is disabled. In this case, the Microsoft Lync 2010 client encryption level must be set to rejected or optional.

  • If you set the dial plan security to Secured, SRTP is enabled and required by Exchange UM. In this case, the Lync 2010 client encryption level must be set to optional or required.