Topic Last Modified: 2011-05-02

Microsoft Lync Server 2010 includes the following security enhancements:

A complete list and discussion of the new features in Lync Server 2010 and Microsoft Lync 2010 can be found in the Getting Started documentation.

Trustworthy by Design

Lync Server 2010 is designed and developed in compliance with the Microsoft Trustworthy Computing Security Development Lifecycle (SDL), which is described at http://go.microsoft.com/fwlink/?linkid=68761. The first step in creating a more secure unified communications system was to design threat models and test each feature as it was designed. Multiple security-related improvements were built into the coding process and practices. Build-time tools detect buffer overruns and other potential security threats before the code is checked in to the final product. Of course, it is impossible to design against all unknown security threats. No system can guarantee complete security. However, because product development embraced secure design principles from the start, Lync Server 2010 incorporates industry standard security technologies as a fundamental part of its architecture.

Trustworthy by Default

Network communications in Lync Server 2010 are encrypted by default. By requiring all servers to use certificates and by using Kerberos authentication, TLS, Secure Real-Time Transport Protocol (SRTP), and other industry-standard encryption techniques, including 128-bit Advanced Encryption Standard (AES) encryption, virtually all Lync Server data is protected on the network. In addition, role-based access control makes it possible to deploy Lync Server 2010 servers so that each server role runs only the services, and has only the permissions related to those services, that are appropriate for the server role.

Trustworthy by Deployment

Not only this security documentation, but all the Lync Server 2010 documentation includes best practices and recommendations to help you determine and configure the optimal security levels for your deployment and assess the security risks of activating nondefault options.