Federation 101 in Lync Online #Office365 #Lync

Hi

After hours spent on answering questions in the community.office365.com forums on this topic its now time to set this straight and tell you all there is to know on how to federate with all what there is to federate with in Lync online.

Since Lync online is a hosted service, features can and will be added over time and this post is based on the features as of the time of writing (Office 365 GA). For updates on the service please refer to the “Microsoft Lync Online for Enterprises Service Description.docx

First I want to start with trying to explain Lync federation (since we also have ADFS identity federation and calendar federation) The term “Lync federation” is specific to Lync and should not be confused with the requirements and capabilities of identity federation that are supported in Office 365.

Lync federation enables a Lync Online user to connect with users in other organizations that use Lync Online as well as those that host their own Lync Server 2010 on premises. Federated contacts can see presence, communicate using IM and make Lync-to-Lync audio and video calls.

In addition to Lync-to-Lync federation, Lync Online users can also connect with their contacts from the Windows Live Messenger. (A note on security: All federated communications are encrypted between the IM systems using access proxy servers. But Microsoft does not control encryption after messages are passed to the federated partner’s network i.e. between the Live messenger server and client.)

 

Federation features by type

Supported modalities

IM and presence

Lync-to-Lync audio and video

Lync Online tenants (other companies
using Office 365and Lync Online)

Yes

Yes

Lync Server 2010, OCS 2007 and
OCS 2007 R2 (on-premises)

Yes

Yes

Windows Live Messenger

Yes

Yes

File transfer is not available with federated connections.

 

Configuration in the Lync Online portal

Lync federation requires the consent and proper configuration of both parties of the federation relationship. So there are some configuration that needs to be done in the Lync Online control panel.

First make sure that your DNS are correctly configured. I wrote a blog post on how to verify this a while ago so please see it for a detailed description Verify your DNS records in Office 365    – #Office365

image

After the DNS are verified and working correctly, go to the Admin overview and then select manage on Lync online.

image

Then go to Domain Federation tab and make sure that it is enabled, there are some options to chose here as well:

  • Allow federation with all domains except those I block
  • Block federation with all domains except those I allow
  • Disable federation

 

image

The next tab of interest is the Public IM tab and you can here select the domain that we would like to enable for public IM federation with Live Messenger. But make sure that you read the warning before enabling this for your domain, after you have enabled it here it will take some time before the provisioning is finished so take glass of water and come back later.

WARNING:

I have seen some people in the forums at http://community.office365.com/ that didn’t realized that enabling Public IM Connectivity (PIC) in Office 365 will actually move the pic federation domain from pointing at the Live Server and being used in Live Messenger to pointing to Office 365 and being used in Lync Online.

So lets say you have your own domain in Live Messenger i.e. tommy@mydomain.com

I now enable my Office 365 tenant and add mydomain.com to in the Office 365 management portal. I then click around and enable pic for that domain. BOOM!!

From that moment the move process will start and your live messenger users will not be able to log in with their user@mydomain.com in Live Messenger anymore. (since its moved to Lync)

This is actually kind of the same thing that happens when you enable PIC for your on premises Lync server, except that this is a bit easier.

The last tab is the User Information tab and we should here select our users that should be enabled for External access as seen below.

image

You could also see this post for some more information on how to configure Lync online for federation http://blogs.msdn.com/b/mvpawardprogram/archive/2011/06/27/mvps-for-office-365-lync-online-federation.aspx

After the configuration we have done above is done we can now federate with people that are on Lync online in other organizations (if they also are enabled for External access that is) and with Live Messenger users, but what about Lync on premises servers?

Well there are some configuration that needs to be done on the on premises side before we can start sending IMs and doing video calls with them.

Configuration in the Lync on premises to federate with Lync Online

I wrote a blogpost on this a while ago so I refer to it for the details Enable federation with Office365 in Lync On-prem  – #Lync #Office365 

But the short answer is that this can be configured in two ways. Either:

New-CSHostingProvider –identity LyncOnline –ProxyFqdn sipfed.online.lync.com –Enabled $True

The above will enable federation for all Office365 domains and is suited if you already allow “open federation”

or

Use Direct Federation by adding the Lync Online Allow domain entry with ProxyFqdn. ( Run the following two commands and replace youronlinedomain.com with your domain )

New-CSAllowedDomain –identity youronlinedomain.com

Set-csAllowedDomain youronlinedomain.com –ProxyFqdn sipfed.online.lync.com

 

Ok so that’s about all the configuration we need to do on the portal/server side, so say goodbye Lync admins!

And say hello to user training.

How do you add a Live Messenger user that has a vanity domain name in its IM address?

Instruct your users to add MSN/Live users that have vanity domains in this format username(domain.com)@msn.com

To add a user Write the address in the search input bar, then right click on the result and choose add to contact list. wait wait wait and a request should pop up at the msn user after a while.

image

This has always been the case for users on OCS/Lync when we used PIC before and it is the same in Lync Online.

Federation scenarios

  • If you and the external user are on Lync Online in Office 365 and both organizations have federation enabled it will just work
  • If you talk to a partner user that is on Lync or OCS but where they have the servers on premises, their admins need to enable federation on the on premises server for federation to work.
  • If you talk to a user that is on Live Messenger and uses a hotmail.com, msn.com (Microsoft address) it will just work.
  • If you talk to a user that is on Live Messenger and uses a vanity domain. You need to add it as tommy.clarke(mydomain.com)@msn.com in Lync or via the IM field in Outlook.

Deep diving into troubleshooting of Lync Online federation.

How to troubleshoot #Lync Online using Lync Server Resource Kit Tools & Snooper v4