Skype for Business Blog
SfB Server Now Supports Blocking NTLM Externally

Natasha Desai
Microsoft
Sep 25, 2018

I am happy to announce that with the CU7 version of SfB Server 2015, we have added the ability to block external NTLM traffic. This, along with the use of Certificate Based Authentication (CBA), will allow you to protect your SfB servers from external DoS attacks that use username/password credentials. Let me explain.

SfB Server allows the following protocols, all of which accept a username and password: NTLM, Forms Based Auth and Modern Authentication. To combat the DoS attacks, you have to shut down every external path that accepts a username/password. With the new Get/Set-CsAuthConfig cmdlets in CU7, you can shut down NTLM and Forms Based Auth externally. Then you configure your servers to accept only Certificate Based Auth externally. (NOTE: You need Modern Authentication to use CBA.) Now all the username/password doors are shut, and your users use CBA to get in externally.

Here is an article that explains the details: Turn off Legacy authentication methods internally and externally to your network.

Updated Sep 25, 2018
Version 1.0