Block Point-to-Point file transfers

In Skype for Business Online, you have ability to control Point-to-Point (P2P) file transfers as part of existing conferencing policy settings. However, this allows or blocks file transfers for users whether or not they are transferring files to a user who is within the same organization or to a federated user from another organization. Following the steps below, you can block P2P file transfers with federated organizations or partners.

A very common scenario is when you want to allow internal users to use P2P file transfer but block file transfer with federated partners. For this scenario, you would need to do:

  • Assign a conferencing policy with P2P file transfer enabled (EnableP2PFileTransfer set to True) to users in your organization.

  • Create a global external user communication policy set to block external P2P file transfers (EnableP2PFileTransfer set to False) and assign it to a user in your organization.

You can find out more about those settings here.

If a federated user outside your organization tries to send a file to a user where the policy has been applied, they will receive a Transfer Failed error. And if a user tries to send a file, they will receive a File transfer is turned off error.

To make this work, the user must be using a supported version of a 2016 Click-to-Run Skype for Business app that supports it. The following minimum version of Skype for Business 2016 Click-to-Run client is required:

Type Release date Version Build
First Release for Current Channel
11/17/2016
16.0.7571.2006
Version 1611 (Build 7571.2006)
Current Channel
12/6/2016
16.0.7571.2072
Version 1611 (Build 7571.2072)
Deferred Channel
2/22/2017
16.0.7369.2118
Version 1609 (Build 7369.2118)

Caution

Users that are using older versions of Skype for Business Windows apps or Mac clients will still be able to transfer files.

Verify and start Windows PowerShell

  • Check that you are running Windows PowerShell version 3.0 or higher

    1. To verify that you are running version 3.0 or higher: Start Menu > Windows PowerShell.

    2. Check the version by typing Get-Host in the Windows PowerShell window.

    3. If you don't have version 3.0 or higher, you need to download and install updates to Windows PowerShell. See Windows Management Framework 4.0 to download and update Windows PowerShell to version 4.0. Restart your computer when you are prompted.

    4. You will also need to install the Windows PowerShell module for Teams that enables you to create a remote Windows PowerShell session that connects to Skype for Business Online.

    If you need to know more, see Connect to all Microsoft 365 or Office 365 services in a single Windows PowerShell window.

  • Start a Windows PowerShell session

    1. From the Start Menu > Windows PowerShell.

    2. In the Windows PowerShell window, connect to your Microsoft 365 or Office 365 by running:

      Note

      Skype for Business Online Connector is currently part of the latest Teams PowerShell module.

      If you're using the latest Teams PowerShell public release, you don't need to install the Skype for Business Online Connector.

       Import-Module -Name MicrosoftTeams
       $credential = Get-Credential
       $session = New-CsOnlineSession -Credential $credential
       Import-PSSession $session
      

    If you want more information about starting Windows PowerShell, see Connect to all Microsoft 365 or Office 365 services in a single Windows PowerShell window or Set up your computer for Windows PowerShell.

Disable P2P file transfers for your organization

By default, EnableP2PFileTransfer is enabled on the organization's global policy. When it was created, your users were assigned the BposSAllModality policy.

To allow P2P transfers for inside your organization but block external file transfers to another organization, you just need to change it at a global level. To do that, run:

Set-CsExternalUserCommunicationPolicy -EnableP2PFileTransfer $False

Disable P2P file transfers for a user

You can apply this to a user by creating a new policy and granting it to that user. To do that, run:

New-CsExternalUserCommunicationPolicy -Identity BlockExternalFT -EnableP2PFileTransfer $False
Grant-CsExternalUserCommunicationPolicy -PolicyName BlockExternalFT -Identity amosm@contoso.com

Want to know more about Windows PowerShell?

Create custom external access policies

Set up client policies for your organization

Set up conferencing policies in your organization