SKYPE for Business and LYNC servers have recently been the target of “attacks” er exploits rather where the attacker would join a non expired meeting and from use the dialout feature to make thousands of calls – resulting in gigantic bills from the telco.
What happens is that attackers find
The most prominent source for attacks are people from outside the org getting their hands on the links of either meetings that haven’t yet expired, or even recurring meetings that never expire.
There are several ways of getting to these links.
Either through public search engines, via hacked O365 mailboxes or Remote access to the client computer.
The issues with meeting URL’s in public search engines was fixed in December 2017, so if you have not installed that patch yet better get to it.
- You schedule a Microsoft Skype for Business meeting
- The meeting URL is posted somewhere publicly online
When you create a new Skype for Business meeting, you decide who gets into the meeting directly, and who waits until you let them in. We recommend that you change these options for large meetings, or when you have confidential or sensitive info. You can set the following options in a new Skype for Business meeting by clicking Meeting Options on the Meeting tab.
|
Who gets in directly?
|
What happens?
|
Recommended when…
|
|---|---|---|
|
Only me, the meeting organizer
|
You are the only one who gets into the meeting directly. Everyone else has to wait until admitted.
|
You have a high security meeting and confidential information.
|
|
People I invite from my company
|
Only people who were invited can join the meeting directly. Everyone else has to wait until admitted.
|
You’re discussing confidential information, and want to only allow specific people to join.
|
|
Anyone from my organization
|
Anyone from your company can get in to the meeting directly, even if not invited.
|
You don’t have external participants and you are not discussing confidential information.
|
|
Anyone (no restrictions)
(Default option)
|
Anyone who has access to the meeting link gets in to the meeting directly.
|
You’re inviting outside participants and you’re not discussing confidential information.
|
Resource accounts such as meeting rooms, conference rooms, and system accounts have a slightly different behavior for lobby options.
|
Option
|
What happens
|
|---|---|
|
Only me, the meeting organizer
|
Resource accounts have to wait in lobby until admitted.
|
|
People I invite from my company
|
Resource accounts have to wait in lobby until admitted.
|
|
Anyone from my organization
|
Resource accounts have to wait in lobby until admitted.
|
|
Anyone (no restrictions)
|
Resource accounts get in to the meeting directly.
|
|
Presenter option
|
Who is a presenter?
|
When to choose this option
|
|---|---|---|
|
Only me, the meeting organizer
|
Only the person who schedules the meetings
|
For presentations where the participants don’t have to interact with the meeting content. (You can designate additional presenters during the meeting.)
|
|
People I choose
|
You and the participants you choose
|
For presentations with more than one presenter.
|
|
Anyone from my organization
(Default option)
|
Everyone you invite who has an account on your network
|
For group work sessions, where all participants work at your organization and can share and modify meeting content.
|
|
Anyone (no restrictions)
|
Everyone you invite
|
For group work sessions with people who don’t have an account on your network.
|
Click Choose presenters to determine who among your invitees will be an attendee or presenter. You must have already added invitees to your meeting request in order to see names in this list.
Comments
Can it be true that there is no "Meeting Options" when you have made an Teams meeting, as there is with an Skype for business meeting ??
Author
Hi Michael – Nope – there is indeed Meeting options – also for Teams. But for now, far less options, but more to come – you find the meeting options below the join link.