Block Point-to-Point file transfers

In Skype for Business Online, you have ability to control Point-to-Point (P2P) file transfers as part of existing conferencing policy settings. However, this allows or blocks file transfers for users whether or not they are transferring files to a user who is within the same organization or to a federated user from another organization. Following the steps below, you can block P2P file transfers with federated organizations or partners.

A very common scenario is when you want to allow internal users to use P2P file transfer but block file transfer with federated partners. For this scenario, you would need to do:

  • Assign a conferencing policy with P2P file transfer enabled (EnableP2PFileTransfer set to True) to users in your organization.

  • Create a global external user communication policy set to block external P2P file transfers (EnableP2PFileTransfer set to False) and assign it to a user in your organization.

You can find out more about those settings here.

If a federated user outside your organization tries to send a file to a user where the policy has been applied, they will receive a Transfer Failed error. And if a user tries to send a file, they will receive a File transfer is turned off error.

To make this work, the user must be using a supported version of a 2016 Click-to-Run Skype for Business app that supports it. The following minimum version of Skype for Business 2016 Click-to-Run client is required:

Type Release date Version Build
First Release for Current Channel
11/17/2016
16.0.7571.2006
Version 1611 (Build 7571.2006)
Current Channel
12/6/2016
16.0.7571.2072
Version 1611 (Build 7571.2072)
Deferred Channel
2/22/2017
16.0.7369.2118
Version 1609 (Build 7369.2118)

Caution

Users that are using older versions of Skype for Business Windows apps or Mac clients will still be able to transfer files.

Verify and start Windows PowerShell

  • Check that you are running Windows PowerShell version 3.0 or higher
  1. To verify that you are running version 3.0 or higher: Start Menu > Windows PowerShell.

  2. Check the version by typing Get-Host in the Windows PowerShell window.

  3. If you don't have version 3.0 or higher, you need to download and install updates to Windows PowerShell. See Windows Management Framework 4.0 to download and update Windows PowerShell to version 4.0. Restart your computer when you are prompted.

  4. You will also need to install the Windows PowerShell module for Skype for Business Online that enables you to create a remote Windows PowerShell session that connects to Skype for Business Online. This module, which is supported only on 64-bit computers, can be downloaded from the Microsoft Download Center at Windows PowerShell Module for Skype for Business Online. Restart your computer if you are prompted.

    If you need to know more, see Connect to all Office 365 services in a single Windows PowerShell window.

  • Start a Windows PowerShell session
  1. From the Start Menu > Windows PowerShell.

  2. In the Windows PowerShell window, connect to your Office 365 organization by running:

    Note

    You only have to run the Import-Module command the first time you use the Skype for Business Online Windows PowerShell module.

     Import-Module "C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector\SkypeOnlineConnector.psd1"
     $credential = Get-Credential
     $session = New-CsOnlineSession -Credential $credential
     Import-PSSession $session
    

    If you want more information about starting Windows PowerShell, see Connect to all Office 365 services in a single Windows PowerShell window or Connecting to Skype for Business Online by using Windows PowerShell.

Disable P2P file transfers for your organization

By default, EnableP2PFileTransfer is enabled on the organization's global policy. When it was created, your users were assigned the BposSAllModality policy.

To allow P2P transfers for inside your organization but block external file transfers to another organization, you just need to change it at a global level. To do that, run:

Set-CsExternalUserCommunicationPolicy -EnableP2PFileTransfer $False

Disable P2P file transfers for a user

You can apply this to a user by creating a new policy and granting it to that user. To do that, run:

New-CsExternalUserCommunicationPolicy -Identity BlockExternalFT -EnableP2PFileTransfer $False
Grant-CsExternalUserCommunicationPolicy -PolicyName BlockExternalFT -Identity amosm@contoso.com

Want to know more about Windows PowerShell?

Create custom external access policies

Set up client policies for your organization

Set up conferencing policies in your organization