The Future of Enterprise Skype for Business Server: Your Feedback

What will enterprises do with their on-prem Skype for Business deployments after 2020? What factors weigh upon those decisions? I asked you…and you answered!

I received several responses from enterprise admins, all running Skype for Business Servers on-prem. Some went as I expected…while others gave me a few surprises!

Dog Sounding Off
Sounding Off!
Photo by Robert Szadkowski on Unsplash

Thank you to everyone who responded. Now it’s time to collate the feedback and see what the future may hold.

These are my overall feedback impressions:

  • All respondents knew about the 2020 on-prem ‘deadline’
  • Most have a plan to address it already, but those plans have either not begun or are still in debate with Management
  • Cost is one major factor, but Call Performance and Maintenance are equally important
  • Approximately half were in favor of moving to Teams. Half were not.

Let’s go through all of these.

Expected Costs, and What’s More Important

I didn’t get much in the way of direct numbers. Some admins had their Skype for Business costs wrapped into larger server stacks; others had third parties supporting their Skype4B and would have to take time away from other projects to request numbers. C’est la vie.

What numbers I did get indicated the following…

Costs for (virtual) servers averaged around $1500-1800 per, over 5 years. However this didn’t appear to weigh heavily on future updates/migrations. Since deployments are complete by now, install costs aren’t seen as a consideration. Neither is power, curiously enough…no one brought it up as a cost concern OR post-2020 savings.

The bigger cost concerns are:

  1. New user licenses & phones. If we assume a deskphone like the Polycom VVX 300, then the phone cost is about $100. Add $36 for a user CAL and you have $136 per new user. Not a huge cost, but one that adds up over time.
  2. Maintenance. Costs for monthly server maintenance ranged from almost $0 to nearly $500. This concerned the majority of respondents. While server maintenance is a part of every admin’s life, it takes up time we could use productively elsewhere. Regaining that time through a reduction in servers – or a cloud migration – appeals to most.

Which costs would they save on with Teams? Most said administrators. Going from 4 admins to 1-2, for example. Reduced need for maintenance = less admin time required = fewer admins ultimately needed.

(This is not to say you should drop all admins when going to Teams. Our own experience shows that Office 365 is NOT 100% maintenance-free!)

One respondent, Rob G., said it wasn’t really a matter of cost—but rather performance. From his feedback:

“The reality is, enterprise security teams/policies will end up pushing many companies to ‘as a service’ solutions not due to any inherent cloudy advantages but simply because it’s the cheapest way to shadow IT any latency-sensitive applications out of a dynamic security agent network.”

Interesting position to take…and illuminating. Whether or not costs change, at least one enterprise will move to Teams for performance’s sake. I have to admire such a position, honestly.

The Skype for Business ecosystem advanced real-time, Internet-based voice communications a LONG way in the past few years. Still some hiccups though, depending on bandwidth and systems architecture. Focusing on performance makes a lot of sense for any company with thousands of employees under its roof.

After 2020, Skype4B Enterprises Will Scatter

So, the original question:

Is moving to Teams/Office 365 at enterprise-level really a cost savings over on-prem Skype for Business?

In some cases, yes. In some cases, no. But it turns out that the question itself is immaterial.

Some enterprises will move to Teams, even if it costs more. Others will move to another on-prem UC solution. A few will cling onto Skype for Business Server until the very last.

When that time comes, we’ll have to check back in with everyone. See what factors are in play then!

Future Planning
“I’m not sure this is the best way to plan our next systems deployment, Alex.”
“Too late to back out now, Mike. Oh, and check.”
Photo by rawpixel on Unsplash

Running an on-prem Skype for Business Server? What are your plans for the future?

Is Skype for Business GDPR Compliant? What About Teams?

I’ve received feedback from several enterprise sysadmins and consultants about on-prem costs. Thanks very much! It’s not quite enough to comfortably make some 2020 predictions though…if you haven’t responded yet, please take a moment. It really can help us all.

Now, on to today’s topic. GDPR.

I know, I know. “I got a hundred ‘privacy update’ emails already! I don’t want to hear about GDPR ever again!”

Hopefully this post will come as something of a relief. You may not need to worry about GDPR compliance (yet). Even if you do, Microsoft’s actions make the problem easier to tackle. Let’s see how, and why.

What GDPR Requires

GDPR mandates certain privacy announcements, policies, and rights for the consumer in the European Union. It’s all about the data users generate. Not just banking numbers either—personal information, text about their activities, etc.

Essentially, GDPR says you must:

  1. Tell users what data you’re collecting about them;
  2. Tell them about the sales/marketing campaigns to which they’re agreeing; and
  3. Comply with any request to remove data about them from your systems.

Just an extension of what most responsible businesses already do.

GDPR privacy agreements
“Is this contract compatible with GDPR?” “Uhm…”

Photo by rawpixel on Unsplash

“But we’re not based in the EU,” you might say. Even so, you will need to make sure you’re GDPR compliant if you:

  • Have European offices,
  • Store customer data in the EU, or
  • Have European customers/users.

At this point, if these stipulations apply, I’d expect you’ve already prepared for GDPR compliance. But what about your Microsoft software, like Skype for Business or Teams? Did Microsoft already make them GDPR compliant, or do you have to do anything?

Microsoft and GDPR: A Little Proactivity Goes a Long Way

Skype for Business is not a customer marketing system. Neither is Teams. They’re meant for communications.

However, some companies will use them to communicate with customers, and possibly market to them (say via a customer’s dedicated Teams channel, or Skype Meeting-hosted webinars). If that’s you, and the above requirements apply, then you must comply with GDPR.

Fear not! Microsoft has provided many resources for us. Starting with the GDPR Privacy Center – It includes several ebooks, a Compliance Manager tool, and a GDPR Assessment tool.

The tools will come in handy, as we’ll see in a moment.

When it comes to Skype for Business/Teams and GDPR, these MS resource pages give us guidelines:

  1. GDPR for Skype for Business Server and Lync Server – Microsoft Docs
  2. Overview of Office 365 Information Protection for GDPR – Microsoft Docs
  3. GDPR for Exchange Server – Microsoft Docs

In general, the on-prem versions are compliant by default, provided you secure the physical/virtual servers & limit permissions. Existing data export cmdlets facilitate GDPR privacy requests, like “Export-CsUserData.”

Now, Office 365 compliance. Since MS controls the Office 365 servers, it has to enforce GDPR compliance at server-level. That’s good news for Teams users. As long as you’re only working with US customers and have no European offices, you can probably relax.

GDPR Privacy in Skype4B/Teams
Your data is behind this door.

Photo by Dayne Topkin on Unsplash.

This site provides a list of MS O365 data locations worldwide: Where is your data located? [USA] – Teams data is stored in:

  • Blue Ridge, VA
  • Cheyenne, WY
  • Chicago, IL
  • Des Moines, IA
  • Santa Clara, CA
  • Quincy, WA

All US-based datacenters. This alleviates the ‘Store customer data in the EU’ stipulation from earlier.
(Santa Clara though…I don’t want to know what they paid for THAT real estate!)

I checked France and the UK too; native datacenters store their Teams data. U.S. data in the U.S., EU data in the EU. Makes sense. Makes things easier for everyone too.

You should still check your current data though. The Compliance Manager tool I mentioned will determine if you possess data subject to GDPR. If so, you’ll have to classify that data in your Office 365 tenant, and maybe use labels to notify customers.

“We have X data on you, you must pay 1 Bitcoin to—” Whoops, sorry, wrong line of thought.

If you market via Skype for Business/Teams to EU customers, then you must comply. If not, relax.

Adjusting Skype for Business/Teams for GDPR compliance may take a little configuration. But if you have data protection policies in place (and you should), then most of the work’s already done for you.

What changes (if any) did GDPR mandate in your Skype for Business/Teams deployment?

The Call Goes Out – Enterprise Skype for Business Admins, Sound Off on On-Prem Costs!

Well, my last post certainly poked a hornet’s nest, didn’t it?

First things first: I DID oversimplify the comparison. Not intentionally, but that’s what came out. Mea culpa.

I was aiming to do as straightforward a comparison between Skype for Business on-prem and cloud as I could. However, it seems a strict apples-to-apples comparison won’t work.

Skype for Business requires other Microsoft servers to work at full capacity. These servers are already bundled into Office 365…and a few more besides. Microsoft has stacked the proverbial deck away from its on-prem offering. That’s their call, of course. In fairness, it does have benefits for businesses—even enterprises.

So, let’s see what I can do to sharpen my prognostication.

Polishing the Post-2019 Crystal Ball: Enterprise-Level Skype for Business Facts

Here are the facts we’re dealing with right now.Dog with glasses

  1. Microsoft is merging Skype for Business (Online) into Teams. Expected completion date: End of 2018.
  2. Skype for Business Server will get a 2019 on-prem version in late 2018/possibly early 2019.
  3. After 2019, no Skype for Business Server on-prem versions are expected. One more version is possible, according to the rumor mill, but nothing definite.
  4. In 2020, mainstream support for Skype for Business Server 2015 will expire. Enterprises which haven’t updated to 2019, or moved over to Teams, will need to pay for extended support.
  5. Using Teams requires a monthly fee for Office 365 subscription, but it eliminates the need for most on-prem server hardware and lowers overall power cost.
  6. When it comes to IT infrastructure, enterprises are not as nimble as smaller businesses. That’s a statement of their infrastructure’s complexity, not any form of criticism.

It’s therefore reasonable to state that enterprises currently using Skype for Business Server 2015 will, in 2019-2020, have to make a decision about their phone systems and related communications tools.

  1. Pay for extended support
  2. Move to Skype for Business Server 2019
  3. Move to Office 365/Teams
  4. Move out of the Microsoft ecosystem entirely

All of which involve additional costs.

With all this in mind…IS moving to Teams/Office 365 at enterprise-level really a cost savings over on-prem Skype for Business?

Work in Enterprise IT? I Request Your Feedback.

I’m putting the call out.

Most of our Skype for Business customers, on-prem and through Office 365, are small to mid-market. While we have several enterprise customers, only one runs Skype for Business Server. As such, my sample size is too low for a proper analysis.

That’s where you come in. If you work in Enterprise IT, please share your feedback on these 2 questions:

  1. Do you work for, or consult for, an enterprise currently using Skype for Business Server (on-prem)?
  2. If so, could you share approximated numbers on their Skype for Business Server installation and/or maintenance costs?

(Anonymized data, of course. I don’t even want the business name. We shall have no security leaks here!)

Dog ears
I’m all ears!
Photo by Claudie-Ann Tremblay-cantin on Unsplash

Comments are welcome. If you’d prefer to email me, here’s the address. Or message me on Twitter at @PlanetMagpieIT.

Support Skype for Business at a Non-Enterprise Level? I Also Request Your Feedback.

If you don’t work for an enterprise, but still support Skype for Business Server deployment, let me ask you this. What will you do after Skype for Business Server 2019 comes out?

Stick with it as long as you can? Move to Office 365? Hybridize? Switch to another Unified Communications solution?

I’d love to know what plans you have (if any at this time) for avoiding this little quagmire.

I will collect all feedback, including cost numbers given, and tabulate them. Hopefully we get a conclusive result from those numbers:

  • Yes, enterprises will save money moving from Skype for Business to Teams
  • No, enterprises will spend more money moving from Skype for Business to Teams

Thanks for reading, and for your feedback. Until next time!

The Skype for Business Quagmire Creeping Up on Enterprises

Skype for Business Server has one new version coming. After that, enterprises could get stuck between an economic rock & a financial hard place.

Skype for Business Server 2019 is coming. However, given all the pushes toward O365/Teams, it’s not unreasonable to presume that 2019 will be the last on-prem version of Skype for Business.

This presents a major problem for larger businesses. They will either have to move to Teams, or investigate another on-prem Unified Communications provider.

What’s wrong with moving to Teams? Nothing! …except possibly cost. When you scale up to enterprise-level user bases, a cloud service like Office 365 could really strain the budget. What if your business has 1,000 users? 5,000? 10,000+? Even if you’re paying a few dollars per user per month, the total monthly cost for all those O365 subscription licenses adds up fast!

Let’s look at the whole conundrum enterprises using Skype for Business will have to face. It’s a quiet, creeping financial snarl…and it’s coming in just a few years.

Does Teams Cost Less than Skype for Business Server? No, and Here’s Why.

First, let’s talk numbers. Microsoft touts Office 365 and Teams as its “Intelligent Communications” option for businesses, and wants everyone to move to the O365 platform. Okay, fine. How does that work out cost-wise for enterprises?

Let’s say we have three businesses—one with 1,000 users, one with 5,000 users, and one with 10,000 users. How much would these businesses spend if they all used Teams (and Office 365)?

I’ll use two subscription levels here: E1 and E5. Why these? Because we’re finding that our O365 customers, even smaller ones, need one of these two levels the most. They need the backend services E1-E5 gives them. If they already have Office licenses, they go to E1. If not, E5.

I am using the Office 365 ROI Calculator for the monthly cost per user. It gives slight discounts on the regular costs.

E1 Monthly Costs*:

  • $6.59 x 1,000 users = $6,590/month x 12 = $79,080/year
  • $6.38 x 5,000 users = $31,900/month x 12 = $382,800/year
  • $6.18 x 10,000 users = $61,800/month x 12 = $741,600/year

E5 Monthly Costs*:

  • $28.82 x 1,000 users = $28,820/month x 12 = $345,840/year
  • $27.93 x 5,000 users = $139,650/month x 12 = $1,675,800/year
  • $27.04 x 10,000 users = $270,400/month x 12 = $3,244,800/year

(*Monthly values do not include initial setup fees or hardware maintenance.)

These numbers quickly move from ‘doable’ to ‘ridiculous.’ Dropping 3 million a year for Office 365?

Let’s compare these numbers to the cost of an on-prem Skype for Business Server. I’ll use numbers from a previous post on this topic:

Skype for Business Server with 1,000 Users:

  • 1 Front End Server License (MSRP) – $3,646.00
  • 1,000 Standard User CALs – $36.00 each, or $36,000 total
  • 1,000 Enterprise User CALs (Conferencing & desktop sharing) – $124.00 each, or $124,000 total
  • 1,000 Plus User CALs (Voice & call management) – $124.00 each, or $124,000 total

Total: $287,646

Exchange Server (for voicemail):

  • 1 Exchange Server (Enterprise) License – $4,051
  • 1,000 Standard User CALs (MS Open License) – $5.00 each, or $5,000 total
  • 1,000 Enterprise User CALs (MS Open License) – $55.00 each, or $55,000 total

Total: $64,051

Grand Total for 1,000 users: $351,697
(This is a three-year cost, and assumes no discounts.)


Skype for Business License Cost
You’ll need a few stacks of these…

Photo by Pepi Stojanovski on Unsplash

So if an enterprise with 1,000 users opted for an on-prem Skype for Business Server, it would cost roughly the same as 1 year of Office 365 E5. Fair enough. But the Skype for Business Server has a three-year usability period…

Assuming a 5% maintenance cost (about $17,500) for Years 2 and 3, they would end up paying $386,697 over those three years. If they went with E5 and didn’t have any maintenance costs at all, they’d end up paying $1,037,520.

At enterprise-level, Teams actually costs more than its predecessor!

The Quagmire: Skype for Business is Going Away

This is a serious cost discrepancy. Big enough to push larger businesses away from Office 365, back to on-prem.

Now, some enterprises would have no problem paying these amounts. They also get additional value from the related O365 services (see Addendum below). If so, great, more power to them! However, Accounting usually likes to save money. These numbers may cause them to balk.

What will the enterprise do if they want to save money? At these user counts, an on-prem server actually saves money. Sticking with Skype for Business Server makes economic and organizational sense.

But what about after Skype for Business Server 2019? Microsoft has not clarified if another version is on the roadmap. Given their merging all Skype for Business tools into Teams, it does not look likely. If there’s no on-prem version coming after 2019, then enterprises are stuck! They’ll have three choices:

  1. Move to Teams anyway,
  2. Keep their Skype for Business Server running as long as possible, and/or
  3. Switch to another on-prem Unified Communications provider.

On-Prem Skype for Business Alternatives for Future Succession

I cannot accurately speculate the Unified Communications landscape in 2020 and beyond. All I can do is look at what’s available now, and prognosticate their future offerings.


On-Prem Unified Communications Choices
2019 is coming fast.
Photo by Eric Rothermel on Unsplash.

If all you need is video conferencing and the cloud is OK, you should still have alternatives like,, Workplace, or Slack. I don’t think any of these will go anywhere.

If you’ll need an on-prem, full-capability Skype for Business Server successor, I expect the following will still be around:

I’m NOT saying these solutions are better than Skype for Business Server (or Office 365 for that matter). Just presenting alternatives that have staying power.

Enterprises: The Time to Start Thinking about your On-Prem Skype for Business is Now

Microsoft’s push away from on-prem to the cloud has merits, in many respects. That said, just because a larger business has the budget to spend on lots of cloud services, doesn’t mean it’s the best use of the money. Office 365 may just not be the choice for them.

Unfortunately that presents a serious financial quagmire. It’s not here yet…but it’s coming.

(By the way, we will gladly support on-prem Skype for Business Servers into 2020. And beyond!)

Enterprise IT employees, what’s your Unified Communications outlook for the future?

ADDENDUM 5-17-18: As Mark pointed out in the comments, I didn’t factor in other Office 365 services as a pricing justification. This is true, and a good point for him to make. Office 365 does come with more than Teams – Exchange, SharePoint, OneDrive, etc. It also reduces the need for on-prem hardware and staff.

I don’t want to minimize the value here. O365 can be a huge help for businesses who need full-fledged IT infrastructures, and may not have the budget to build them on-prem. That said, I’m still not sure enterprises would gain financially from an Office 365 move as opposed to on-prem. At least as far as Skype for Business is concerned.

(I may do a follow-up post to address this part of the situation in more detail. Stay subscribed!)

Scenes from the ChatOps War

Group Messaging/Chat continues to expand, as each challenger battles its competitors. Here’s where we stand.

Slack and Teams Stay Neck-and-Neck

These two are ‘the’ names when it comes to ChatOps (business-grade chat/messaging platforms).

Slack VS Teams
“En garde, Slack!” “I say, Teams!”

Teams continues to expand its user base. It’s up to 200,000 organizations as of March 2018. But we don’t know how many individual users that is; Microsoft hasn’t said. It has huge potential to grow further, especially once it’s finished absorbing Skype for Business by end of year (give or take).

Conversely, Slack has more than 6 million daily active users! 2 million of these are paying customers. Even without the free tier, Slack stomps all over Teams in terms of business usage.

Two heavyweights battling it out encourages good competition and ultimately benefits the user. However, the market has more contenders…and they aren’t sitting idle either.

Integration Comes to Workplace (though Slack and Teams are Well Ahead)

Facebook’s Workplace just added an integration feature with a bunch of potential add-ons. Thanks to the integration, Workplace users can now connect services like Microsoft SharePoint, Hubspot, Jira (project management), and so on.

Workplace by Facebook LogoThe full list is here: Workplace Integrations.

While this is a welcome move, it’s also a catch-up move. Slack and Teams have had third-party integration capabilities almost since inception. They also have many more integrations available.

Looks like Facebook wants to keep Workplace as a separate, work-friendly brand. If so, they’ll continue to face an uphill battle, due to the Cambridge Analytica scandal and ongoing privacy concerns. Because of these concerns, my Workplace trial ended with the question of whether businesses would try Workplace out.

So far, it would appear they have. At least 30,000 businesses now use Workplace. Still in third place, and they’ll have to keep pushing. But the user count does put Workplace in striking range of Teams. A new theater has opened up in Facebook vs. Microsoft.

Other Competitors Nipping at the Big Dogs’ Heels

There’s more than just Workplace to watch out for though. I’ve mentioned Atlassian Stride and Google Hangouts on this blog before. What’s going on with them?

Atlassian StrideStride (formerly HipChat) hit General Availability in March. As it’s so new, user numbers aren’t readily available. I’m curious to see how this one goes…it looks near-identical to Teams, although some beta users complained about audio/video quality.

Google split Hangouts in two last year, creating Hangouts Meet (video meetings) and Hangouts Chat (group chats, like Slack/Teams). Not sure why they split them, but hey, I don’t work at Google.Google Hangouts Icon

This strikes me as an after-the-fact change…after Slack roared past Hangouts, they had to race to keep up. However, there are two smart moves within the split:

  1. Voice is part of Meet only. Google restricted Chat to…chat. Meet focuses on video calls, of which voice is just a part, but it centralizes the audio/video experience into one app. Makes it easy to know which app to use.
  2. Google integrated Hangouts Meet/Chat into the G-Suite. Like Teams is part of Office 365, Hangouts Meet & Chat are there for G-Suite business users. The tactic worked for Teams; I bet Google’s hoping this will work for Hangouts.

The Reason Behind the Battle: Chat’s Multi-Generational Appeal

Why is chat so popular all of a sudden? I think it’s because chat is an intergenerational medium. It’s something the past few generations have grown up using. It’s also something that’s ‘grown up’ through successive generations of the technology.

In the Internet’s early days you had BBSes and IRC.
Then along came AIM, ICQ, and Yahoo Messenger.
Next came Skype, Facebook, and WhatsApp.
Now we have Slack, Stride, Teams, Fuze, Hangouts, and several more.

Each generation had a chat platform for communication. Chat itself went through generations, advancing in capability, expanding in reach. Now we have a generation of chat platforms that can handle almost any form of communication.

arm wrestling photo
Hey hey, no cheating!
Photo by mcgrayjr

But it’s all centered around the oldest, simplest, and most familiar communication method most of us have ever known…plain, direct, text-to-text messaging.

Where the Battle Goes Next: Long-Term Teamwork Value

ChatOps have one mission: to facilitate teamwork. You can generally tell how well they do this by adoption and frequency of use.

However, short-term numbers aren’t the best indication of value to a team. Long-term adoption rates, after the novelty wears off and the team becomes accustomed to using the platform, determine who will win the “ChatOps War.”

So far, Slack and Hangouts have been around the longest. Between those two, people obviously prefer Slack. It has greater long-term teamwork value. Teams and Workplace are coming up, and Stride is a wildcard. By this time next year, we may see the triumph of Teams, the emergence of Stride, or another challenger rise.

Which ChatOps platform does your workplace use? What are your thoughts on it?

How to Prevent Malware Infections via Skype for Business

Like all computer systems, Skype for Business is vulnerable to cyberattack. Let’s talk about how to prevent one from happening.

What a Skype for Business Cyberattack Can Look Like

Skype for Business Down
We lost Skype AND email?!

Unfortunately, real-life circumstances prompted this post. We recently had to help a customer deal with a ransomware infection that affected most of their servers. (I’ll keep details private of course.)

The customer called us in a panic. They’d lost email, Skype for Business, and several client desktops. Someone had clicked a phishing link & triggered a Locky infection. We did have some backups available, but wound up having to wipe/replace a couple systems.

While this wasn’t the first time we’d helped resolve a ransomware infection, it was the first time the ransomware hit someone’s Skype for Business Server. I’m not sure the exact route Locky took to reach it, but I believe it got in via an abandoned administrator’s account. They had a systems admin leave the company a few months prior—but they hadn’t shut off his account!

The aftereffects: Four days of lost business, a bunch of angry clients, unknown number of emails lost, thousands spent on emergency support and replacement IT hardware.

(At least they didn’t have to pay the ransom on top of all that!)

Where Malware Can Reach Skype for Business

Skype4B isn’t just vulnerable through its Internet connection. As our example shows, it’s vulnerable from client-level too.

Here are the routes most malware/ransomware would take to reach & infect yours:

  • Front End Server. Where Skype4B lives.
  • Exchange Server. The server with which Skype4B interacts most often…which means the most potential routes for malware to take.
  • File Share. A BIG vulnerability. A shared folder through which users exchange files? It only takes one infected file, and your entire deployment’s in trouble.
  • End User Devices. Not just desktops/laptops now…even phones can carry malware into the office.

Malware Reaching Skype for BusinessNow we know where to watch. What kinds of protections do we put in place?

8 Ways to Protect your Skype for Business Server from Malware/Ransomware

1. Limit the number of Skype for Business admins.
Good admin practice extends to Skype for Business. Create ONLY the fewest number of administrator accounts as you need to manage the system. This includes admin accounts for all of the physical AND virtual servers on which Skype for Business runs.

2. Lock down permissions to the file share.
Controlling the file share’s permissions plugs that hole inside your Skype for Business Server. This blog post illustrates how to lock down the permissions: Keeping your Lync/Skype Business Environment safe from Ransomware – Enabling Technologies

3. Use intelligent routing in your perimeter network.
Restrict open ports on your Edge Server and Reverse Proxy to only those needed for Skype for Business traffic. Here are the port and protocol requirements.

4. Keep the Skype4B Server and its server components up-to-date.
Are you up to the March 2018 Cumulative Update? If not, here’s the download link: Skype for Business Server 2015 Cumulative Update KB3061064 – Download Center
Don’t forget the security patches & updates for your Windows Server as well. If nothing else, the security patches help keep those servers safe.

5. Secure all email servers with anti-malware software & monitoring.
Your Exchange Servers should have anti-malware protection too. The easiest method, of course, is to use a network-wide security gateways from providers like Sophos or F5.

6. Disable Office macros company-wide.
Not many malware apps use macros anymore. But that doesn’t mean it’s impossible. Use a Group Policy to block macros and forget about it.

7. Educate users about phishing/ransomware emails.
If you only do one of these, make it this one. User education goes further to prevent malware infections than any other factor. Users are typically the “weakest link” in cybersecurity…but it only takes some training to make them stronger.

(By the way—we offer cybersecurity education for businesses in the SF Bay Area. Just saying.)

8. Keep current backups.
Always, always keep backups! All servers should have two sets of automatic backups running…one kept on-site in case of a crash, and one kept off-site in case of malware infection. You probably do this already. But it’s too important to take for granted.


“What if we use Skype for Business Online?” you might ask. Well, Microsoft has pretty decent security protections built into Office 365. But you can always make it better.

As Teams and Skype for Business are still on the path to merging, I don’t want to speculate too much on the anti-malware precautions you must take. That said, these stalwarts should always figure into your office’s IT infrastructure:

  • Limit the number of Office 365 admins
  • Use perimeter network protections
  • If you run a hybrid configuration, secure the on-prem server to the same level as your other servers
  • Educate users about phishing/ransomware
  • Keep current backups

Frustrated System AdminIf you’re already Teams users, strengthen Teams’ security with our post from December: 3 Ways to Protect Teams Users from Malware-Infected Files.

Don’t Make Skype for Business the Weak Link in Your Office’s Cybersecurity

It’s always harder to secure a server (any server!) after it’s already running. People don’t want to lose the service, even for a moment. If security updates cause an outage…well, we’ve all heard that particular scream, haven’t we?

That said, 15 minutes of downtime beats 4 days of lost business any day.

There are many layers to protect in Skype for Business: The Windows Servers on which it runs, the perimeter network, the Front End pool, inter-network traffic, and client devices. But, think of it this way…either you find the security holes, or a malware infection will.

Have you ever experience a malware infection on your Skype for Business Server? Please share your experience in the comments.

How the Load Balancer Fits into Skype for Business

Our fourth entry in the “How It Fits” series is…the Load Balancer!

Load balancers show up in every level of a Skype for Business deployment. They’re an integral component of effective Skype for Business Online tenants as well.

If a load balancer does its job right, it’s pretty much invisible. If it doesn’t, it’s a loud and persistent pain. Which it is all depends on your configuration. As such, you’re most likely to work with a load balancer when first deploying Skype for Business.

This post is meant as an overarching take on the load balancer’s function and value. If you’re looking at a new Skype for Business deployment, on-prem or hybrid, this is a quick read that could help a lot!

The Load Balancer’s Primary Role

A load balancer distributes traffic among servers in a pool. In Skype for Business, this means it distributes traffic between role-based server pools. For example, between two Front End Servers.

It’s similar in some ways to a Reverse Proxy. (Some hardware load balancers even include reverse proxy functionality.) But instead of worrying about authenticating traffic from outside the network, it focuses on optimal traffic management inside the network.

Why use load balancing in the first place?Load Balancing Diagram from F5

  • Bolsters reliability. The load balancer helps prevent any one server from becoming overwhelmed.
  • Increases overall Skype for Business stability. Smart traffic management helps avoid traffic bottlenecks.
  • Some Skype for Business services require load balancing to function (e.g. managing HTTP traffic).

Main Components of a Load Balancer

At its core, a load balancer consists of:

  • A Distribution algorithm, and
  • A server pool monitor/health check

The distribution algorithm determines to which server it should send traffic requests. The server pool monitor, well, monitors the assigned server pool’s health and traffic responses.

What kind of traffic are we talking about? All kinds: HTTP/HTTPS, SIP, TCP, UDP. Basically, if you use server pools for any of the Skype4B Server Roles, you should use a load balancer for each.

Other Servers a Load Balancer Communicates With

In Skype for Business, you can load balance any Server Role which has (or can have) multiple servers in a pool. That includes:

  1. Edge Server
  2. Front End Server
  3. Director
  4. Office Web Apps Server

Load Balancers must communicate not only with the servers they’re balancing, but with the servers sending traffic to them. That means they’ll talk with the Mediation Server, PSTN Gateways, and our last “How it Fits” role, the Reverse Proxy.

What about Office 365? If you’re running a hybrid deployment, you’ll need load balancing on the on-prem side. From Plan for Network Devices that Connect to Office 365 Services:

Your organization needs to use a hardware load balancer (HLB) or a Network Load Balancing (NLB) solution to distribute requests to your Active Directory Federation Services (AD FS) servers and/or your Exchange hybrid servers.

In other words, load balancing between Office 365’s servers and your network!

What Kind of Load Balancer Should You Use?

Two types of load balancing exist in Skype for Business.

  1. DNS load balancing, and
  2. Hardware load balancing

This is an important distinction. It’s also the source of most load balancing grief.

DNS Load Balancing:
This is more a technique than a device. It involves mapping server pool names to not one, but a set of IP addresses in DNS.

Let’s say you have a Front End pool named “Headquarters.” The Headquarters pool has three IP addresses mapped to it –,, and

When your Skype for Business client tries to connect to “Headquarters,” DNS sends it all three IPs. The client tries connecting to the first IP, But this IP already has another client connected and cannot respond. So the client tries That works.

Connections stable. Traffic load balanced.

DNS Load Balancing – Microsoft Docs

Hardware Load Balancers:
A hardware load balancer is a dedicated device which distributes traffic requests to a server pool. I think of these like a “Traffic Cop” inside your network.

We use an F5 hardware load balancer for our Skype for Business Server. Cost us a bit, but wow did it help with call quality!

Since hardware load balancers actively listen to incoming & outgoing traffic, they can mitigate traffic bottlenecks. Preventing call drops, static, and external connection troubles.


When setting up load balancing in your topology, keep these restrictions in mind:

  • If your Edge pool uses load balancing, the internal Edge interface and external Edge interface must use the same type. Can’t use DNS load balancing on one, and hardware on the other. You’ll experience some serious traffic errors!
  • Some traffic types require a hardware load balancer (e.g. HTTP traffic). DNS load balancing does not work with client-to-server web traffic either.

Our experience confirms these restrictions. In Skype for Business Server’s early days, we observed that combining both load balancing types in one deployment caused havoc. Inconsistent delays, strange errors with no apparent cause, bottlenecks, etc. When we standardized on one load balancing type topology-wide, these issues evaporated.

Traffic Load Balancing
Traffic, nice and organized.
Photo by Fahrul Azmi on Unsplash.

Here’s a nice setup/overview video from A10 Networks if you’d like more.

Load Balancers Reduce TCO By Easing the Burden on Skyep4B Server Pools

Which load balancing method should you choose? There’s no universal standard. But we go by this rule of thumb: The larger the deployment, the more a hardware load balancer is necessary. They are more powerful, more intelligent, and more reliable.

It does add to up-front deployment cost. But it reduces TCO. Once load balancing is in place, configured, and running properly, it helps the Server Roles function at peak. Even (especially) under heavy load.

What kind of load balancing do you run in your Skype for Business topology?

The Top 8 Skype for Business-Teams Complaints

Teams is 1 year old! Let’s talk about its problems.

I asked Twitter followers, checked feedback sites, and polled co-workers. All told, I came up with 8 of the most common complaints for Skype for Business and Teams.

Why do this? In some cases, solutions do exist. Where they don’t, bringing up issues helps increase visibility. Which (sometimes) nudges software makers into fixing them.

Now, with such a hope in mind, let’s see what bugs Skype for Business/Teams users the most.

4 Top Skype for Business Complaints

Several review posts at G2Crowd and TrustRadius point out Skype for Business’ unreliability. The mobile apps don’t work, Meetings don’t start well, and so on. We heard similar complaints from customers in 2015, when first rolling out Skype for Business Server. It’s become much more stable in recent years though…partly from updates, and partly from configuration testing.

SOLUTION: If you run Skype for Business on-prem, have an expert run through its topology. We can do a lot to boost reliability.

Calls drop/fail/won’t connect at all. This is a persistent issue, and has been since the Lync days.

SOLUTION: Deploy additional bandwidth. We found that going a little beyond what Microsoft recommends for available bandwidth resolves most call issues right away. (Here’s a bandwidth calculator post we worked up to help.)

Sad Dog on Skype for Business
Why do you do this, Skype4B?

Photo by Justin Veenema on Unsplash.

The G2Crowd reviews linked above also mention sync issues. Calendar sync delays, slowness in conversations or Online Meetings, missing messages between mobile and desktop clients, and so on.

I’ve ranted about this before, of course. Frustrating that it continues to haunt Skype4B users.

Skype for Business Conversations, once they’ve finished, are stored in the Conversation History. You reach Conversation History through two places: the Conversations tab in Skype for Business, and an Outlook folder.

Neither of these is “within the same conversation window.”

This is one of’s most-voted-on feedback posts. Most chat apps show the chat’s history in the same window, by default. Skype for Business is a noted (and very frustrating) exception!

No solution exists right now. But you can add your voice to the feedback thread.

4 Top Teams Complaints

Now that Guest Access has (finally) arrived, the most popular UserVoice poll on Teams is support for Private Channels. Teams users have waited a LONG time for this. It looks like they’ll wait a while longer too—it’s not even on the roadmap.

We do have the option of private group chats. However, those will become searchable by April…negating much of their privacy!

Teams may be good for collaboration. But sometimes you really need to have a private conversation.

SOLUTION: Private group chats still exist. It’s an option. Otherwise, for a fully private channel, you’ll have to look outside of Teams for now.

#6 – REQUIRES O365
Can’t get around this one. Teams is for Office 365 customers. You can invite guests, but full users have to have an Office 365 account. To some this is just a feature; an additional reason to use Office 365. If that’s you, then this isn’t a problem. If it isn’t, then you’ll either have to pay up, wait for the free Teams version, or use another chat app.

Sad Penguin for Teams
A representative of the Linux community when asked about Teams.

Photo by Teodor Bjerrang on Unsplash

Microsoft is known for delaying feature rollouts. Or outright ignoring rollout dates and popping up later with the new feature. It has done both with Teams Guest Access. Less of a problem with the app itself, and more with its maker, but in Teams’ case? It’s a big complaint.

SOLUTION: Keep bugging them! Many have actually abandoned Teams in favor of Slack, due to its faster (and more reliable) update schedule. The rest of us can keep reminding Microsoft that they set their own deadlines.

The Teams UI is a bit cartoony. Big emoticons, large text bubbles, and so on. This frustrates many users—it causes crowded screens and appears a bit unprofessional. It also eats up computer resources the longer you use Teams.

SOLUTION: A compact UI is coming, according to UserVoice responses. That should help with resource usage, screen space, and professional appearance.

In the meantime, you can always add RAM to your computer. I know that’s a cost, but it’s an easy upgrade and benefits every computer!

Use This Post When Teams/Skype4B Users Have a Problem (And Think You Haven’t Heard of It)

I know, it’s a little early for “The Airing of Grievances”. But the responses I did get certainly merited acknowledgement. Now that this post is live, we can point to it as proof that these issues do exist, we know of solutions for some, and we’re trying to resolve whatever we can.

I mean ‘we’ both in terms of my company, and yours. Please, make use of this post as you need it!

What bothers you the most when using Skype for Business or Teams?

The Teams Take for March 1st: 3 Concerning Questions

The Teams team has been busy! But the more I read about recent Teams activity, the more questions I have about its development. Hence today’s post.

I’m asking three questions about Teams here. They aren’t quite rhetorical; I would appreciate answers, either from Microsoft’s eventual updates or the community’s collective knowledge. But I also want to put these questions out so others can ponder them.

Question 1 – Will a Freemium Teams Be Compelling Enough to Lure Users Away from Slack?

Teams may have a free version coming.
Report: A Free Version of Microsoft Teams is in the Works – MS Power User
Some clever IT pros came across clues in recent Teams updates that indicate a freemium, or feature-light version in order to compel paid subscriptions, would arrive soon.

Thing is, introducing a freemium version like this—after users have had the paid-version software for a while—is unusual. So much so I’m not actually sure it will achieve its end.

In order to lure users away from Slack, a free Teams would need to either A) match Slack’s free-tier feature set, or B) offer a big value-add by itself. But Teams’ value-add comes from subscription—the extra Office 365 tools. Without those it can compete directly with Slack, but not overwhelm it.

That leaves matching Slack’s feature set…where a freemium model actually hurts Teams. Restrictions in a free version could include:

  1. Inability to share files above a certain size
  2. Limited number of teams
  3. Limited number of people IN a team
  4. No third-party connectors

And so on. If Microsoft takes this path, Teams cannot hope to match Slack’s feature set. It would start the race with a broken leg (if you’ll pardon the sports parallel).

Teams’ biggest appeal as a package comes not only from its communications tools, but from the O365 productivity tools you buy to get it. I get a strong sense that a free Teams could easily fall flat with new users.

Private Teams Chats Searchable
Hey hey, are you having a private chat?

Question 2 – Why Make Private Teams/Groups Searchable Now?

Private Teams groups will become searchable in March.
Private Microsoft Teams groups to become searchable in upcoming change –

I have to wonder. What’s the rationale for doing this now? If you’re creating a private group, you’re doing so for a reason. Maybe you don’t want others knowing what you’re discussing…or that the discussion even exists.

I can picture one internal use for this immediately: New departmental projects you want to test before notifying other departments. Totally legitimate, and a valid need for privacy. Now it’s gone from Teams. Anyone with such private projects is now unwillingly exposed.

Besides, according to the article, it’s still possible to hide teams/groups from search, using a PowerShell cmdlet. If the function’s still there, then why institute search for private groups at all?

Question 3 – Is True Guest Access Finally Here?

Twitter blew up yesterday with an announcement about Teams Guest Access. “It’s here!” “We have full Guest Access support ready!”

Happy Dog for Teams Guest Access
I can come in now??

Photo by Anita Peeples on Unsplash

A blog post on today seems to confirm: New in February—advancing creativity, teamwork, and management in the modern workplace

Work with guests in Microsoft Teams—We’re rolling out the ability to add anyone as a guest in Microsoft Teams. Previously, only those with an Azure Active Directory (Azure AD) account could be added as a guest. Starting next week [early March], anyone with a business or consumer email address—including and—can participate as a guest in Teams with full access to team chats, meetings, and files. Guests in Teams will continue to be covered by the same compliance and auditing protection afforded to Office 365 subscribers, and can be managed securely within Azure AD.

They’ve also posted the announcement on the Microsoft Teams Blog (Tech Community).

After an early-March rollout, according to Microsoft’s “What the Guest Experience is Like,” Teams Guest users can:

  • Create a channel (if Team owners let them)
  • Participate in a private chat
  • Participate in a channel conversation
  • Post, delete, and edit messages
  • Share a channel file

But they can’t:

  • Share a chat file
  • Add apps like bots or connectors
  • Create tenant-wide and teams/channels guest access policies
  • Invite a user outside the Office 365 tenant’s domain
  • Create a team
  • Discover and join a public team
  • View organization chart

Frankly, this is very much a “wait and see” thing for me. Once burned and all. Microsoft has promised this before, and then reneged. Besides, there’s one tiny inconsistency I found.

Why is Guest Access mentioned left and right…yet no mention on the UserVoice Guest Access thread? The thread contains hundreds of users’ frustrations with the long Guest Access delay. Many have given up and gone to Slack (good luck winning them back at this point). Is Microsoft just ignoring some of its audience?

Will These Updates Grow Teams’ Adoption…or Slow It?

Teams continues to develop at a rapid pace. I don’t mean to throw cold water on its progress. If Microsoft releases a freemium Teams version, I’ll happily test it out for this blog.

What concerns me is the haphazard, inconsistent development. Every major software project comes with stumbling blocks, whether accidental or intentional. Accidental issues can slow down adoption. Intentional issues, such as ignoring the user base or doing things they don’t want? That can halt adoption entirely.

What are your thoughts on today’s Teams Take?

How to Stay Vigilant Over Office Chat: Implement a Messaging Policy

If someone published your office’s chat logs, would you be okay with it…or wince at what people will find in them?

Most of us are in the latter category. I’m not even sure I’d be okay with it! But I’m at least certain that our chat logs are clean of intellectual property and PII. How do I know that? After reading this post, you’ll understand.

What’s Going On in Your Office’s Chat App?

This topic came from an article I saw in NewsDay yesterday: Workplace messaging apps offer flexibility, require vigilance –

The article reminds readers to stay vigilant over their messaging apps: Teams, Slack, Skype for Business, HipChat/Stride and the like. Good advice.

But let’s go further. HOW do we stay vigilant? How could we make sure employees stick to work-related (or perhaps I should say “work-appropriate”) conversation topics?

The article gives the following as a solution: “Firms should institute a workplace messaging policy and outline best practices to avoid abuse or unwanted distractions.” True! But there isn’t much beyond that.

Fortunately, keeping office chat to office topics isn’t too hard. In fact, we can take care of it in less than 10 minutes. In this post I’m laying out a way to not only institute a workplace messaging policy, but use human psychology to enforce it!

Institute A 3-Part Workplace Messaging Policy
First, if you don’t have a messaging policy in place already, make one. Here’s a simple workplace messaging policy anyone can use. It’s simple, only has 3 parts, and works for all messaging apps.

  1. All messaging clients are set to Full Logging.
  2. All conversations are kept in logs. If you’re chatting, your conversation is logged.
  3. All logs are included in the company’s regular backup schedule.

Okay, now you have your policy. Next, we have to spread the word. All employees need to know about this.

Give All Employees a 5-Minute Policy Brief

Informing all employees of a messaging policy only takes 5 minutes. Send them the following details via email. Or announce it at an all-hands gathering. Or send a message in chat!

  1. Tell everyone that the conversations are logged.
  2. Tell them where the logs are kept.
  3. Tell them the logs are backed up, where, and why.
  4. Employees must avoid discussing confidential material via messaging (e.g. banking information, PII).
  5. Work-related conversations should stay work-appropriate. If you need to chat about personal matters, do so privately.
  6. Finally, tell them you may use information from chat logs in customer meetings or quote documents.

That’s it!

Messaging Policy for Office Chat
You can be a LITTLE more specific than this…

Human Psychology Helps You Enforce This Policy

Seems too simple, right? There must be a trick. And there is…but it’s one you don’t need to do anything about. It works because humans think & act in certain ways.

Informing people of chat logs & why you’re backing them up isn’t just for their edification. It also creates an impression in their mind. Think about this—when you walk into a store and see one of those, “Smile! You’re on camera” signs, doesn’t it trigger an unconscious reaction? “Oh, right, better not do anything dumb.”

Nobody’s assuming you went there to shoplift or cause a scene. But the impression still pops into your head. The same thing happens with a messaging policy. When people know their work conversations are recorded…they tend to self-police.

(There’s always an exception, but we’re talking in general terms here.)

You can periodically remind employees of the policy by referencing the conversation logs. Any reason will do…here’s a couple I dredged up from our own office’s 2017 conversations:

  • “I don’t have X’s email. Is it in your conversation history?”
  • “Customer B wants to know status on their migration. Didn’t you guys talk about that in chat yesterday? Could you send me the log?”

These act as subtle reminders. The logs exist. Chats are recorded. Make sure you stick to work stuff!

Setting Up Logs for Backup

In order to fulfill this messaging policy, you’ll need to keep backups of chat conversation logs. I seriously hope you’re doing this anyway…but if not, let me give you a reminder!

backup photo
A badly-needed keyboard addition!
Photo by Got Credit
  • Server logs: Included with server backups. (If you’re not backing up servers, call us immediately!) For Skype for Business Server deployments, make sure the Centralized Logging Service is enabled.
  • Desktop Client logs: Capture logs from users’ computers by including these folders in their workstation backups.
    • Skype for Business 2016: %userprofile%\AppData\Local\Microsoft\Office\16.0\Lync\Tracing
    • Lync 2013/Skype for Business 2015: %userprofile%\AppData\Local\Microsoft\Office\15.0\Lync\Tracing
    • Web App Log location: %userprofile%\AppData\Local\Microsoft\LWAPlugin\Tracing (File name: LWAJSPersistent#.log)
  • Cloud logs (Teams, Slack): These are backed up by their respective cloud services. If you want to pull down extra copies for your own backups, here’s some help:

Workplace Messaging Policy: A Good Idea for All Teams, Slack, Skype4B Users

By now you’ve figured out why I’m not worried about our chat logs. Yes, we have a messaging policy here at PlanetMagpie. It’s more or less the same as what you just read. We’re on Skype for Business Server; the policy addresses our Instant Messaging Conversations.

You can expand on this messaging policy, of course. It all depends on how your office uses chat apps. That way you make sure they’re sticking to work-appropriate topics!

Do you use a messaging policy now? What kind?