Mark Berry January 19, 2012
I’ve used Windows Messenger for years to exchange instant messages with clients, friends, and family. The current iteration of Microsoft’s free IM client, Live Messenger, has been commercialized (displays ads) and doesn’t “feel” very business-like. Since Lync is included with Office 365, I decided to give that a try.
Lync requires some updates to your public DNS, and you need to assign a Lync license to users in the Office 365 Management portal. You also need to decide how to set your global Domain federation and Public IM:
Domain federation defines whether you will be able to communicate with external organizations that use Lync. You can set it to be open to all with blacklists, open to none with whitelists, or completely disabled:
Public IM determines whether you will be able to communicate with Live Messenger clients. You can only turn this on if Domain federation is also turned on:
If enabled globally, Domain federation and Public IM can be disabled at the user level.
Lync Clobbers Live Messenger
The first thing I discovered was that a few hours after turning on Domain federation and Public IM connectivity, my Live Messenger disconnected. When I tried to log back on, it told me that I could no longer use my Live ID for Live Messenger. Yup: because my Live ID is in my own domain, when I enabled Lync Public IM for that domain, Lync took precedence and disabled Live Messenger. You can only have one or the other in the same domain. Fortunately, disabling Public IM restored my Live Messenger connection so I could continue using Live Messenger while testing Lync.
This wouldn’t be a big deal if I could replace Live Messenger with Lync. But I can’t. Read on.
Live Messenger Connects but Lync Doesn’t
One of my friends works for a Fortune 1000 company that uses Lync in-house. Communications with this friend through Live Messenger work fine. However, when I tried to connect to him from Office 365 Lync, I could not, nor could he connect to me.
I expect the problem is that his company’s Domain federation is set to only allow whitelisted domains. Since my domain is not on their list, my IMs can’t get through. But they have allowed Public IM, so Live Messenger works fine.
Unfortunately I can’t just call up the IT department of a $17 billion company and ask them to add my Lync domain to their Lync federation so I can chat with my buddy. Live Messenger is my only option to communicate with this friend.
Office 365 Lync’s Weak Privacy
In Live Messenger, I’ve come to expect that anyone who wants to be a “friend” must send me a request. Only those I approve can see my presence information, status updates, etc. This is the standard behavior for social networking (Facebook, LinkedIn, etc.).
Lync, on the other hand, lets any user see the picture, presence, and status message of any other user. Users do not need to grant permission first. And this includes federated domains. So if I allow open federation from any domain, that means that any Lync user in the world, by simply entering my email address, can see whether I am online and can send me instant messages. If they don’t have my email address, Lync will help them figure it out by returning my presence info once they guess the correct address. This happens without my knowledge or approval.
It works the other way too: I can see the status of anyone on an open Lync network, whether or not I have ever communicated with them via Lync. Here for example are a couple of Lync support engineers (I’ve hidden their last names):
Lync 2010 software does offer an Enhanced Presence Privacy Mode. When enabled, “the option to restrict presence information to contacts becomes available in the Lync 2010 Status options.” In other words, if I haven’t added the person to my Contacts list, that person couldn’t see my status (same as Live Messenger).
Unfortunately, Enhanced Presence Privacy is disabled in the Office 365 implementation of Lync, and since Office 365 does not allow PowerShell access to Lync, there is no way to change this. So the option to restrict presence information is not available in my Lync Status options:
That means the only way to hide presence information is to set Domain federation to “Disabled for all domains except those intentionally allowed.” Even then, if I were to allow federation with my friend’s Fortune 1000 company, and if their IT department allowed my domain, all 6500 people who work there would be able to see my presence without my permission.
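For comparison, on an on-premises Lync Server 2010 deployment the Lync Server Management Shell exposes both controls discussed in this section: Enhanced Presence Privacy Mode and allow-list federation. The following is an added example, not part of the original post and not applicable to Office 365 as described above; `partner.example` is a placeholder domain.

```powershell
# Added example: on-premises Lync Server 2010 only, run in the
# Lync Server Management Shell. "partner.example" is a placeholder.

# --- Audit the current exposure -------------------------------------------
# Is Enhanced Presence Privacy Mode enabled at the global scope?
Get-CsPrivacyConfiguration -Identity global |
    Select-Object Identity, EnablePrivacyMode

# Is federation on, and are unlisted partner domains discovered through DNS
# (open federation) or limited to the allowed-domains list (closed)?
Get-CsAccessEdgeConfiguration |
    Select-Object AllowFederatedUsers, EnablePartnerDiscovery

# Which domains are explicitly allowed or blocked?
Get-CsAllowedDomain | Select-Object Identity
Get-CsBlockedDomain | Select-Object Identity

# Does the global external access policy let users reach federated
# partners and public IM networks?
Get-CsExternalAccessPolicy -Identity global |
    Select-Object EnableFederationAccess, EnablePublicCloudAccess

# --- Restrict presence to contacts ----------------------------------------
# Makes the "only show presence to my contacts" choice available in the
# Lync 2010 Status options.
Set-CsPrivacyConfiguration -Identity global -EnablePrivacyMode $true

# --- Closed federation with an explicit allow list ------------------------
# With partner discovery off, only domains on the allowed list can federate.
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true `
    -UseDnsSrvRouting -EnablePartnerDiscovery $false
New-CsAllowedDomain -Identity "partner.example"
```

Privacy mode is the narrower control: allowing a partner domain still exposes presence to every user in that domain unless privacy mode limits it to contacts.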
Comparing Lync to Live Messenger
Here’s a table summarizing what I’ve learned:
| Feature | Office 365 Lync | Live Messenger |
|---|---|---|
| Can communicate with any Lync or Live Messenger client. | Only if target domain allows my domain (unlikely with large company running Lync). | Yes. If target domain runs Lync, Public IM must be enabled (more likely with large company since privacy protected). |
| Can hide presence from everyone except my contacts. | Yes – see update below. | Yes |
| One-to-one IM and video | Yes | Yes |
| Multi-party meetings and other advanced IM features. | Yes | No |
There is no doubt that Lync has some great features for meetings, etc. that go beyond what is available in Live Messenger. A small company with several far-flung employees needing to stay in touch could benefit from these features. However, due to the connectivity and privacy limitations of Office 365 Lync, you may also need to run Live Messenger for connecting with the outside world. And if all you need is one-on-one IM and video, Live Messenger offers better connectivity and privacy—as long as you can put up with the annoying ads.
Update February 17, 2012
Sometime since I wrote the above last month, Office 365 added support for Enhanced Presence Privacy Mode. In the Lync Online Control Panel, click on the new Presence and notifications link:
After setting the default to “Display presence information only to a user’s contacts,” my Lync Options > Status screen lets me control who sees my presence: