Lync Server Admin Guide: Managing External Connectivity

Enable or Disable External User Access for Your Organization

Enable or Disable Remote User Access for Your Organization

• To enable or disable remote user access for your organization

To enable remote user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowOutsideUsers property to True:

Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $True

To disable remote user access, set the AllowOutsideUsers property to False:

Set-CsAccessEdgeConfiguration –Identity global –AllowOutsideUsers $False

Enable or Disable Federation for Your Organization

• To enable or disable federated user access for your organization

To enable federated user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowFederatedUsers property to True:

Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $True

To disable federated user access, set the AllowFederatedUsers property to False:

Set-CsAccessEdgeConfiguration –Identity global –AllowFederatedUsers $False

Enable or Disable Anonymous User Access for Your Organization

• To enable or disable anonymous user access for your organization

To enable anonymous user access, use the Set-CsAccessEdgeConfiguration cmdlet to set the AllowAnonymousUsers property to True:

Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $True

To disable anonymous user access, set the AllowAnonymousUsers property to False:

Set-CsAccessEdgeConfiguration –Identity global –AllowAnonymousUsers $False

For more information

• Haiku #83: The CsAccessEdgeConfiguration Cmdlets


• The Access Edge Configuration Dialog

Manage Communications with External Users

Manage Remote User Access

• To configure an external access policy to support remote user access

To create an external user access policy that allows access by remote users, use the New-CsExternalAccessPolicy cmdlet and set the EnableOutsideAccess property to True:

New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableOutsideAccess $True

Manage Federated Partner Access

Configure Policies to Control Federated User Access

• To configure a policy to support access by users of federated domains

To create an external user access policy that allows access by federated users, use the New-CsExternalAccessPolicy cmdlet and set the EnableFederationAccess property to True:

New-CsExternalAccessPolicy –Identity "RedmondExternalAccess" –EnableFederationAccess $True

Enable or Disable Discovery of Federation Partners

• To enable or disable automatic discovery of federated domains for your organization

To enable automatic discovery of federated domains, use the Set-CsAccessEdgeConfiguration cmdlet and the UseDnsSrvRouting parameter, and set EnablePartnerDiscovery to True:

Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $True

To disable automatic routing, use the UseDefaultRouting parameter, and set DefaultRouteFqdn to the fully qualified domain name of the Edge Server used for federation requests:

Set-CsAccessEdgeConfiguration -UseDefaultRouting -DefaultRouteFqdn "atl-edge-001.litwareinc.com"

Control Access by Individual Federated Domains

• To add an external domain to the list of allowed domains

To add a domain to the list of domains your users are allowed to communicate with, use the New-CsAllowedDomain cmdlet followed by the fully qualified domain name of the allowed domain:

New-CsAllowedDomain -Identity "fabrikam.com"

• To add an external domain to the list of blocked domains

To add a domain to the list of domains your users are not allowed to communicate with, use the New-CsBlockedDomain cmdlet followed by the fully qualified domain name of the "outlawed" domain:

New-CsBlockedDomain -Identity "contoso.com"

Enable or Disable Sending an Archiving Disclaimer to Federated Partners

• To enable or disable sending an archiving disclaimer to federated partners

To display an archiving disclaimer to federated partners at the beginning of an instant messaging session, use the Set-CsAccessEdgeConfiguration cmdlet and set the EnableArchivingDisclaimer property to True:

Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $True

To prevent the display of the archiving disclaimer, set the EnableArchivingDisclaimer property to False:

Set-CsAccessEdgeConfiguration –Identity global -EnableArchivingDisclaimer $False

For more information

• Haiku $107: The CsExternalAccessPolicy Cmdlets


• Haiku # 83: The CsAccessEdgeConfiguration Cmdlets


• Haiku #3: The CsBlockedDomain Cmdlets


• The Edit External Access Policy Dialog


• The Access Edge Configuration Dialog


• The New Federated Domains Dialog (Allowed Domains)


• The New Federated Domains Dialog (Blocked Domains)

Manage IM Provider Support

Configure Policies to Control Access by Users of IM Service Providers

• To configure an external access policy to support public user access

To enable users to communicate with a public provider such as MSN or AOL, use the Set-CsExternalAccessPolicy cmdlet to set the EnablePublicCloudAccess property of the appropriate external access policy to True:

New-CsExternalAccessPolicy -Identity site:Redmond -EnablePublicCloudAccess $True

Specify Supported IM Service Providers

• To configure support for an IM service provider

To enable users to communicate with a new public provider, use the New-CsPublicProvider cmdlet to add the new organization to the list of approved providers:

New-CsPublicProvider -Identity "Fabrikam" -ProxyFqdn "proxyserver.fabrikam.com" -Enabled $True -VerificationLevel "AlwaysUnverifiable"

Configure Conferencing Policies to Support Anonymous Users