BIO 12.01.01 ISO A.12.6.2

Teams: Disable Skype For Business Communication

📅 2025-10-30

•

⏱️ 3 minuten lezen

•

🟢 Should-Have

💼 Management Samenvatting

Disable Skype for Business interop in Teams - legacy protocol (Skype for Business EOL: July 31, 2021 - RETIRED).

Aanbeveling

IMPLEMENT (post-migration)

Risico zonder

Low

Risk Score

3/10

Implementatie

5u (tech: 2u)

Van toepassing op:

✓ Microsoft Teams

Skype for Business = END OF LIFE: Microsoft retirement: July 31, 2021 (no support, no patches), Migration path: All users → Teams (modern platform), Interop mode: Transitional feature (Skype ↔ Teams communication tijdens migration), Security: Legacy protocol (older encryption standards), Support: NONE (Microsoft ended support 2021). Post-migration: Disable Skype interop (clean break, no legacy baggage).

PowerShell Modules Vereist

Primary API: Microsoft Graph API / Teams PowerShell
Connection: Connect-MicrosoftTeams
Required Modules: MicrosoftTeams

Implementatie

Disable Skype interop: Coexistence mode: 'Teams Only' (no Skype communication), Effect: Teams users cannot chat/call Skype users, Legacy cleanup: Remove Skype for Business clients, Modern: Teams-only environment (unified platform).

Vereisten

Microsoft Teams
Skype for Business migration completed
All users migrated to Teams
Skype for Business decommissioned

Implementatie

Teams Admin Center → Org-wide settings → Teams upgrade → Coexistence mode: Teams Only. Effect: Disables Skype interop. Verify: All users use Teams exclusively.

Compliance

BIO 12.01 (Remove legacy tech), ISO 27001 A.12.6.2.

Monitoring

Gebruik PowerShell-script skype-communication-disabled.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script skype-communication-disabled.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance & Frameworks

BIO: 12.01.01 -
ISO 27001:2022: A.12.6.2 -

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell

<#
.SYNOPSIS
    Skype Communication Disabled
.DESCRIPTION
    Disables Skype for Business federation to reduce security risks
.NOTES
    NL Baseline v2.0
    Legacy Skype connectivity is deprecated
#>
#Requires -Version 5.1
#Requires -Modules MicrosoftTeams

[CmdletBinding()]
param([switch]$Monitoring)

$ErrorActionPreference = 'Stop'

Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "Skype Communication Disabled" -ForegroundColor Cyan
Write-Host "========================================`n" -ForegroundColor Cyan

function Invoke-Monitoring {
    try {
        Connect-MicrosoftTeams -ErrorAction Stop
        
        $config = Get-CsTenantFederationConfiguration
        
        $result = @{
            isCompliant = (-not $config.AllowPublicUsers)
            allowSkype = $config.AllowPublicUsers
        }
        
        Write-Host "  Skype for Business Federation: $(if($result.allowSkype){'ENABLED'}else{'DISABLED'})" -ForegroundColor $(
            if (-not $result.allowSkype) { 'Green' }else { 'Yellow' }
        )
        
        Write-Host "`n  Security Benefits:" -ForegroundColor Cyan
        Write-Host "    • Reduces attack surface" -ForegroundColor Gray
        Write-Host "    • Prevents legacy protocol vulnerabilities" -ForegroundColor Gray
        Write-Host "    • Maintains modern security standards" -ForegroundColor Gray
        Write-Host "    • Reduces security risks" -ForegroundColor Gray
        
        Write-Host "`n  Note: Legacy Skype connectivity is deprecated" -ForegroundColor Gray
        
        if ($result.isCompliant) {
            Write-Host "`n[OK] COMPLIANT - Skype federation disabled" -ForegroundColor Green
            exit 0
        }
        else {
            Write-Host "`n[FAIL] NON-COMPLIANT - Skype federation enabled!" -ForegroundColor Red
            exit 1
        }
    }
    catch {
        Write-Host "ERROR: $_" -ForegroundColor Red
        exit 2
    }
}

try {
    if ($Monitoring) { Invoke-Monitoring }
    else { Write-Host "Use: -Monitoring" -ForegroundColor Yellow }
}
catch { throw }
finally {
    Write-Host "`n========================================`n" -ForegroundColor Cyan
}

function Invoke-Remediation {
    <#

    .SYNOPSIS
        Herstelt de configuratie naar de gewenste staat
    .DESCRIPTION
        Dit is een monitoring-only control, remediation delegeert naar monitoring
    #>

    [CmdletBinding()]
    param()
    
    Write-Host "[INFO] Dit is een monitoring-only control" -ForegroundColor Yellow
    Write-Host "[INFO] Running monitoring check..." -ForegroundColor Cyan
    Invoke-Monitoring
}

Risico zonder implementatie

Low: Low: Skype interop = legacy protocol (EOL 2021, no patches).

Management Samenvatting

Disable Skype for Business interop. Teams Only mode. Skype EOL (2021). Clean migration. Implementatie: 2-5 uur.

Implementatietijd: 5 uur
FTE required: 0.02 FTE

Teams: Disable Skype For Business Communication

💼 Management Samenvatting

Implementatie

Vereisten

Implementatie

Compliance

Monitoring

Remediatie

Compliance & Frameworks

Automation

Risico zonder implementatie

Management Samenvatting

Share artikel