Microsoft Lync and Skype for Business have a rich set of .NET APIs which make it easy to extend the platform and integrate it with other applications. This blog helps explain how to use those APIs.

Trusted applications and policy settings

Posted: February 16th, 2012 | Author: | Filed under: Lync Development | Tags: , , , , , | 3 Comments »

Unless your Lync environment has a single global policy for each type of policy setting (voice policy, conferencing policy, dial plan, etc.) you may run into problems where your UCMA trusted application endpoints don’t work properly with the default policy. A couple of common examples:

  • Voice policy – the default collection of PSTN usages may not be appropriate for the PSTN calls initiated by your application
  • External access policy – if your application needs to contact public IM or federated users and the default policy doesn’t allow this

Normally, the Get-CsTrustedApplicationEndpoint command in Lync Management Shell doesn’t show any policy information about the trusted application endpoints, and so it’s easy to get the idea that they don’t HAVE any policies. But in reality, the policies are there — they’re just hiding.

Here’s what typical results from Get-CsTrustedApplicationEndpoint look like:

Normal results from Get-CsTrustedApplicationEndpoint

As you can see, no policy settings show up here. But that changes if you run the command like this:

Get-CsTrustedApplicationEndpoint -Identity
 "" | Select-Object *

Now, the command divulges a whole bunch of other properties that you wouldn’t have guessed were there:

Full results from Get-CsTrustedApplicationEndpoint

Lo and behold, all of the policy settings you can set for normal users are there as well.

So what if we want to assign a different policy? Simple — just do it the same way you would for a normal user. Here’s an example:

Grant-CsExternalAccessPolicy -Identity
 "" -PolicyName ExternalUsersAllowed

Grant Policy

Here’s the result:

With Policy

The trusted application endpoint now has the user-level policy assigned.

Have fun granting policies to your endpoints, and, as always, let me know if you have comments or questions.

3 Comments on “Trusted applications and policy settings”

  1. 1 Kim said at 8:08 am on February 22nd, 2012:

    Hi Michael,
    we are having issues with users trying to call a TrustedApplicationEndpoint, the error in Lync Diagnostics is;
    “The client is attempting to join another endpoint that has not been provisioned” component=”Audio Video Conferencing Server”.
    I have checked the Voice Policy, Dial Plan etc.
    The TrustedApplicationEndpoint did just have the ‘Client Authentication, Server Authentication’ (Computer Template) certificate renewed.

    You just may have seen this issue before.

    Regards Kim

  2. 2 Nonis said at 8:56 am on April 5th, 2012:

    Hi Michael,

    thanks for this info, I was trying to find policy settings for my trusted application and this helped quite a bit 🙂

  3. 3 Michael said at 8:51 am on April 6th, 2012:

    Glad it was helpful!

Leave a Reply

  • Note: Comment moderation is in use because of excessive spam. Your comment may not appear immediately.