Trusted applications and policy settings

Unless your Lync environment has a single global policy for each type of policy setting (voice policy, conferencing policy, dial plan, etc.) you may run into problems where your UCMA trusted application endpoints don't work properly with the default policy. A couple of common examples:

  • Voice policy - the default collection of PSTN usages may not be appropriate for the PSTN calls initiated by your application
  • External access policy - if your application needs to contact public IM or federated users and the default policy doesn't allow this

Normally, the Get-CsTrustedApplicationEndpoint command in Lync Management Shell doesn't show any policy information about the trusted application endpoints, and so it's easy to get the idea that they don't HAVE any policies. But in reality, the policies are there -- they're just hiding.

Here's what typical results from Get-CsTrustedApplicationEndpoint look like:

Normal results from Get-CsTrustedApplicationEndpoint

As you can see, no policy settings show up here. But that changes if you run the command like this:

[ps] Get-CsTrustedApplicationEndpoint -Identity "sip:tester@test.greenl.ee" | Select-Object * [/ps]

Now, the command divulges a whole bunch of other properties that you wouldn't have guessed were there:

Full results from Get-CsTrustedApplicationEndpoint

Lo and behold, all of the policy settings you can set for normal users are there as well.

So what if we want to assign a different policy? Simple -- just do it the same way you would for a normal user. Here's an example:

[ps] Grant-CsExternalAccessPolicy -Identity "sip:tester@test.greenl.ee" -PolicyName ExternalUsersAllowed [/ps]

Grant Policy

Here's the result:

With Policy

The trusted application endpoint now has the user-level policy assigned.

Have fun granting policies to your endpoints, and, as always, let me know if you have comments or questions.