One reader entered the following line on our December poll:
“Remove PIN requirement for audio only conferences”
Hmmm. Removing the PIN entirely? I’d never considered this before. Was it even possible?
Time to find out!
First: How to Control PINs in Skype for Business
You enter a PIN when joining a Skype Meeting via Dial-In Conferencing. It’s your authentication – letting you “in the door.”
Like most Skype for Business functions, PINs are controlled by policies. You can modify the global PIN policy through the Skype4B Control Panel, like this:
- On a computer that’s a member of your domain, open the Skype for Business Server Control Panel.
- In the left navigation bar, click “Conferencing”, and then click “PIN Policy”.
- On the PIN Policy page, click the “Global” policy.
- Click “Edit”, and then click “Show details”.
- Here you can edit several PIN characteristics:
- Minimum PIN Length (default is 5 digits)
- Maximum Logon Attempts (a check box, automatically determined by default). If you select the check box, you can enter a maximum number.
- Should PINs expire? A check box for enabling of disabling PIN expiration lets you decide. You can also select the number of days after which PINs expire.
- PIN History – should users reuse their PINs?
- A check box for allowing Common Patterns of digits. If you don’t select this, you’re preventing common patterns like “12345” or “44444”. IF you do select this, users can use common patterns for PINs.
- When you’re done modifying, click “Commit”.
Or you can use one of the following PowerShell cmdlets.
Get-CsPinPolicy: Returns information about the client PIN.
Grant-CsPinPolicy: Assigns a client PIN policy to a user or group.
New-CsPinPolicy: Creates a new PIN policy.
Remove-CsPinPolicy: Removes an indicated PIN policy.
Set-CsPinPolicy: Modifies an existing PIN policy.
Next: Any Help from TechNet? How about Blogs?
All of this material you’ll find referenced in the Skype for Business section of Microsoft TechNet. Naturally, that’s where I went to look first.
TechNet is a maze sometimes. This search was no different. But I did find several useful resources which detailed working with PINs:
Manage dial-in conferencing in Skype for Business Server 2015
Manage PIN policies for dial-in conferencing in Skype for Business Server 2015
Set a user’s dial-in conferencing PIN in Skype for Business Server 2015
I saw a couple potential loopholes in PIN policy you could exploit, to make PIN use simpler. For instance, setting the global PIN policy to a small number of digits, and not setting user- or site-level policies. Or enter the same PIN for everyone and distribute it.
PINs as a Point of Security – Disable It? Not Likely.
However, trying to “cripple” PIN policy undermines a point of security. A PIN is there to protect something – whether that’s your ATM card or your weekly Skype Meeting. As such, I don’t recommend trying to avoid PIN use.
Besides, I found nothing in these TechNet docs which indicated you could turn PINs off. Subsequent Google searches yielded nothing helpful.
What about an add-on? I’ve reviewed a few Lync/Skype for Business add-ons here in the past. Maybe an add-on exists which could modify PIN use on conferencing.
Alas, several frustrated searches later, I was forced to concede. I pored through Office 365 documentation, support threads, and blog posts. Nothing.
So far as I can tell, it is not possible to completely disable PINs from use during dial-in conferencing.
Now, again, that’s not a bad thing. It provides extra security for everything from voicemail access to Skype Meetings. And it is faster than typing in an email & password on your phone!
Other Authentication Standards Growing – Which Will Win Out?
I was left to ponder the original request. What motivated the reader? The convenience of skipping a step? Did they use another authentication method instead?
People are getting used to other authentication methods, both in the office and when mobile. Fingerprint scanning, biometrics, “invisible” backend authentication processes like certificates, etc. More are on the horizon—driven by hackers and malware and the increasing need for securing personal information.
It’s entirely possible that future Skype for Business updates will offer alternate authentication. We’ll just have to wait and see!
Thanks for the poll response! It was an interesting line of thought to pursue. What do you think? If you could remove the PIN requirement from Dial-In Conferencing, would you? Would you prefer replacing it with another authentication method? Please comment or email your thoughts. And join us again next time!