Description

Enabling federation with other organizations facilitates communication and collaboration, and accelerate productivity. However, it introduces privacy concerns and potential leakage of confidential information.


To mitigate these risks, the Security Federation Filter enforces an ethical wall firewall between your organizations and your federated partners to protect your corporate intellectual property at a granular level.


The Security Sync Filter augments the capabilities of the Security Federation Filter by making it possible for administrators to define federation policies based on Active Directory groups.


Key Benefits


The Security Sync Filter extends the functionality of your Security Federation Filter in the following ways:


  • Administrators can define federation policies based on Active Directory groups
  • Ability to create federation policies based on Active Directory attributes

Architecture

The Security Sync Filter queries Active Directory for all users enabled for Skype for Business and the groups these users belong to. It then synchronizes this information into the Security Filter Manager database.


This allows administrators to create federation policies in the Security Filter Manager based on Active Directory groups. Federation policies can then be enforced on Active Directory groups.



The Security Sync Filter only reads from Active Directory and never writes to it. This limits access to your Active Directory infrastructure.


To protect your internal network, the Security Sync Filter only writes to the Security Filter Manager database and never reads from it. This prevents an attacker from injecting SQL code into the database that could potentially compromise the Security Sync Filter and as an extension your internal network should the Security Filter Manager become compromised.


This architecture ensures in-depth defense protection and flexibility. You can choose to deploy the Security Sync Filter with your Securirty Federation Filter or not.