I was recently in the position of working on a project with a customer for the first time where they needed to set up Skype for Business Hybrid, but with closed federation. This wasn’t something I’d come across before, and all of the default documentation and articles I found seemed to presume that organisations would be working with open federation, so I thought I would write a quick post specifically around this subject.
The Microsoft TechNet article for configuring Skype for Business Hybrid specifies the following command:
Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1 -UseDnsSrvRouting
The key to achieving the requirement of closed federation is understanding what “Partner Discovery” is in Skype for Business/Lync on-premises. Partner Discovery is the on-premises equivalent of Open/Closed federation in Skype for Business Online.
Open Federation = Partner Discovery Enabled
Closed Federation = Partner Discovery Disabled
If you want to use closed federation, make sure you don’t follow the standard documentation when you configure your Skype for Business Hybrid deployment. Take the above command, but leave Partner Discovery disabled. If it is enabled on-premises, any Skype for Business organisation at the federated endpoints, regardless of its specific domains, would be able to connect with your users. With Office 365, the result would be that when you add the federated endpoint for Skype for Business Online, any other SFBO organisation would be able to connect.
So the key here is: if you want to limit communications to your set of allowed federated domains only, Partner Discovery must not be enabled and, of course, the allowed/blocked federated domains must be identical in both on-premises and SFBO.
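As an added example (not from the original post or from Microsoft's documentation), the PowerShell below shows the documented command with Partner Discovery left off, plus a check that the allowed and blocked domain lists match on both sides. Get-FederationDrift is a hypothetical helper and the sample domains are constructed; the on-premises lists are assumed to come from Get-CsAllowedDomain and Get-CsBlockedDomain, and the SFBO lists from an export of the tenant's federation settings.

```powershell
# Added example. Get-FederationDrift is a hypothetical helper, not a Skype for Business cmdlet.
# The documented command with Partner Discovery left off (run on-premises):
#   Set-CsAccessEdgeConfiguration -AllowOutsideUsers $true -AllowFederatedUsers $true -EnablePartnerDiscovery $false -UseDnsSrvRouting

function Get-FederationDrift {
    param(
        [Parameter(Mandatory)] $EdgeConfig,   # object from Get-CsAccessEdgeConfiguration
        [string[]] $OnPremAllowed = @(),      # e.g. (Get-CsAllowedDomain).Domain
        [string[]] $OnlineAllowed = @(),      # allowed domains exported from the SFBO tenant
        [string[]] $OnPremBlocked = @(),      # e.g. (Get-CsBlockedDomain).Domain
        [string[]] $OnlineBlocked = @()       # blocked domains exported from the SFBO tenant
    )
    # Domain names are case-insensitive: trim and lower-case before comparing.
    function Normalize([string[]] $List) {
        @($List | Where-Object { $_ } |
            ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique)
    }
    $findings = @()
    if ($EdgeConfig.EnablePartnerDiscovery) {
        $findings += 'EnablePartnerDiscovery is enabled: federation is open, not closed.'
    }
    $lists = @(
        @{ Name = 'allowed'; OnPrem = $OnPremAllowed; Online = $OnlineAllowed },
        @{ Name = 'blocked'; OnPrem = $OnPremBlocked; Online = $OnlineBlocked }
    )
    foreach ($l in $lists) {
        $onPrem = @(Normalize $l.OnPrem)
        $online = @(Normalize $l.Online)
        foreach ($d in $onPrem) {
            if ($d -notin $online) { $findings += "$($l.Name): $d is on-premises only" }
        }
        foreach ($d in $online) {
            if ($d -notin $onPrem) { $findings += "$($l.Name): $d is online only" }
        }
    }
    $findings   # empty when the edge is closed and both sides agree
}

# Constructed sample input; on a real deployment pass the cmdlet output instead.
$edge = [pscustomobject]@{ EnablePartnerDiscovery = $false }
Get-FederationDrift -EdgeConfig $edge `
    -OnPremAllowed 'contoso.com', 'Fabrikam.com' -OnlineAllowed 'contoso.com' `
    -OnPremBlocked 'example.net' -OnlineBlocked 'example.net'
```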
If you have any questions or comments, please either use the comments section below, tweet me @MikeParker365, or email email@example.com.