Disable external access for lync 2010

We have a lync setup that has 2 edge servers and some internal lync servers. We need to disable external access so no one in the company can just start the lync client and connect in, but we need to keep federation access working.

How can this be done.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Neil RussellTechnical Development LeadCommented:
If a user is licensed for the Lync client then I dont think you can stop them using it externally IF you have federation setup.  I may be wrong but I have certainly not come across any way that this could be set in Lync 2013 that we use.
Will SzymkowskiSenior Solution ArchitectCommented:
You need to change the External Access Policy on the link enabled user within the Lync Control Panel. You can do this from an individual user stand point.

This is also a default setting that you need to apply when you first enable a lync user account.

Do this from the Lync Admin Control.

Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

rdefinoAuthor Commented:
So In the lync admin console, I see under "external user access" there is Federated user access, remote user access and public provider access.

Now if I want just my user that are on our network and federated users to access our lync, do I uncheck remote user access and public provider access?  Confused on this one.
Mohammed HamadaSenior IT ConsultantCommented:
Public provider means Office 365, yahoo, skype..etc so if you disable the Public providers then you won't be able to connect with Skype users or Office 365 Lync online users ..etc

If you disable Remote user access, then your users won't be able to access Lync remotely through the edge server.

for your choice you will only have to leave the option "Enable communications with federated users" enabled for your users.

If you don't want to confuse your self I suggest you disable everything on the Global policy except "Enable communications with federated users" and make sure that all users have the global policy set on their settings.
rdefinoAuthor Commented:
ok, so by unchecking all on global but "federated user access" all my users will have access will on our network and access to who has been federated?

Where do I set "global policy set on their settings"

Mohammed HamadaSenior IT ConsultantCommented:
You will need to open Control panel > Federation and External Access. on the right pane under "External Access Policy" double click on the Global policy there. and make sure you untick all the options there except the "Enable communications with federated users".

When you do these changes, make sure your Lync front end is replicating properly to Edge for the changes to take effect.

You can force replication by launching Lync Management shell and enter the cmdlet


To make sure your replication between Edge and FE is working, from Lync Control panel go to Topology and check the status of replication next to Lync Edge servers. If there's a a green right mark then your replication is working fine.

Make sure you also change the user's External policy to Global.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.