We've unified Citrix solutions and our portfolio. Learn more .


Citrix Ready Product Image / Logo

SkypeShield is an innovative solution that guarantees secure mobile and external Skype for Business (Lync) connectivity SkypeShield offers integration with Citrix XenMobile which can limit usage of Skype for Business only to devices managed by XenMobile and block access from devices that have become Out Of compliance or removed XenMobile control SkypeShield offers many other security modules including TFA, Ethical wall, DLP, eDiscovery and risk engine.

Request Product Details

Compatible with

  • MDX Toolkit
  • MDX Toolkit 10.4.5
  • MDX Toolkit


  • Citrix Endpoint Management (XenMobile)

Product Details

Customers using Citrix Endpoint Management, formerly XenMobile want to make sure that only device managed by Citrix Endpoint Management are able to connect to Skype for Business and avoiding an employee bypassing Citrix Endpoint Management protection layers by downloading Skype for Business on their personal device and connecting to the server directly.

The integration includes two components / Processes:

MDM Conditional Registration

Limit the registration only to managed devices (with MDM)- supported with all MDM vendors in the market

MDM Conditional Access

Ongoing validation that device is managed and has not become Out Of Compliant (OOC) as defined in the MDM vendor- supported with vendors listed below

Beyond this SkypeShield offer the following main features:

  1. Account lockout protection - Prevent account lockouts resulting from Distributed Denial of Service (DDoS) and brute force attacks on Skype for Business servers for all SIP and HTTP authentication channels. (Read more)
  2. Two Factor Authentication - Securing authentication to Skype for Business and Exchange (EWS) by requiring a simple and secure device enrollment process (Read more)
  3. Device Access Control - Restrict the usage of Skype for Business & Exchange (EWS) only to registered devices. Control device types, Vendors , OS version and number of devices to minimize security threats (Read more)
  4. Ethical wall - Solve compliance, security and data protection issues with granular communication control. Set policies controlling communication based on parameters such domain, SIP or groups. Control features within communication such as chat, presence, file transfer, desktop sharing and more (Read more)
  5. DLP Engine - Handle sensitive information passed through Skype for Business. Apply rules for specific groups with incident actions of block, mask or notify. Also support commercial DLP integration with Symantec, ForcePoint (Websense), McAfee, GTB and other vendors (Read more)
  6. Disclaimers - Context based disclaimers configurable by conference type, domain, user type and more (Read more)
  7. eDiscovery - Enable Skype for Business data governance as per GDPR regulations with advanced search capabilities that allows export or remove of conversations and the messages and files within. (Read more)
  8. Skype Intrusion Prevention System (application firewall) - Handle security threats related to guest and anonymous traffic entering corporate network using request rewriting (Session termination), Protocol Level Sanitization  (inspection for malicious code) and Application level inspection (validating content such as meeting ID and stricture). (Read more)
  9. Active Directory credentials protection - Avoid using and storing AD credentials on device by defining dedicated Skype for Business credentials or using RSA tokens (Read more)
  10. Risk engine (coming soon) - Define Geo location (Geo fencing)  rules. Display live map of connections. Profile user behavior and create security alerts events when detecting suspicious changes related to location, devices, data capacity, activities and more. (Read more)