Some organizations may require that Lync mobility is only enabled or disabled for certain users. Common reasons may be to facilitate a controlled Lync mobile deployment or to prevent non-exempt employees from accessing Lync after hours. This article explains how to configure this.
First, it is assumed that Lync Mobility is configured and working in your environment. If you need help with this, see Deploying the Lync 2010 Mobility Service by Lync MVP Jeff Schertz.
By default, all Lync users can access Lync with Lync Mobile once the mobility services are installed. To change this behavior we will be configuring a new Client Version Policy using the Lync Server 2010 Control Panel.
You will normally only see a Global client version policy. This policy displays all the allowed User Agents and the minimum versions allowed by Lync. Once you install Lync Mobility you will see a new user agent type, MCX, that allows all user agents greater than 4.x.x.x.
If your goal is to enable Lync mobile for certain users:
- Open the Lync Control Panel as a Lync administrator. Select the Clients node on the left and select the Client Version Policy at the top.
- Change the Global client version policy to disallow Lync mobile connections:
- Edit the Global client version policy by clicking Edit in the menu bar
- Select then MCX user agent (you may need to scroll to locate it) and select Show Details in the menu bar
- Edit the MCX Client Version Rule so that the Major Version is 0 (zero)
- Click OK to close the rule and then click Commit. At this point Lync Mobile is disabled for all users.
- Create a new User client version policy to allow Lync mobile connections:
- Click New > User Policy to create a new User Client Version Policy.
- Name the new policy Lync Mobile Users and enter a description for the new policy
- Select the MCX user agent and verify that the version is 4.*.*.*
- Click Commit to save the new user version policy
- Assign the Lync Mobile Users client version policy to selected users:
- Click the Users node in Lync Control Panel
- Edit the Lync user(s) who will be enabled for Lync mobile
- Assign the Lync Mobile Users policy as the Client Version Policy, as shown below, and click Commit
If your goal is to disable Lync mobile for certain users:
- Open the Lync Control Panel as a Lync administrator. Select the Clients node on the left and select the Client Version Policy at the top.
- Create a new User client version policy to disallow Lync mobile connections:
- Click New > User Policy to create a new User Client Version Policy.
- Name the new policy Disable Lync Mobile and enter a description for the new policy
- Edit the Client Version Rule for the MCX user agent so that the Major Version is 0 (zero)
- Click Commit to save the new user version policy
- Assign the Lync Mobile Users client version policy to selected users:
- Click the Users node in Lync Control Panel
- Edit the Lync user(s) who will be disabled for Lync mobile
- Assign the Lync Mobile Users policy as the Client Version Policy and click Commit
[This article was suggested by reader @jshoq. Thanks for the suggestion!]
Great article. Do you know if there's any way to restrict access to the Lync mobility service by device? For example, to limit access to approved corporate devices only?
ReplyDeleteHi. I've followed your steps, but I can still logon. This is a test environment, so there's only the global profile. I set the major version to 0 and then chose "newer than or same" and :block", then commit. I then waited a while, and even invoked the CSManagementStoreReplication. Doesn't seem to start blocking me... Any tips?
ReplyDeleteUsing the Lync Mobility policy is the recommended approach approach here. You can easily block mobility at the global level and then assign a separate policy to users who should have access.
ReplyDeleteSet-CsMobilityPolicy -Identity Global -EnableMobility $False
New-CsMobilityPolicy -Identity MobilityEnabled -EnableMobility $True
Grant-CsMobilityPolicy -Identity -PolicyName MobilityEnabled
Thanks, Tom!
DeleteThat's the way to do it!
DeleteI can still log in on with my android. I think you are missing a step where you have to set the Client Version Configuration.
ReplyDeleteI wrote this article before there was guidance on how to achieve this. Since then, Microsoft has created the CsMobility cmdlets, as my colleague Tom Pacyk wrote above. That would be the better approach.
DeleteYes, Thank you!
Delete