Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Emergency Mitigation Service for Microsoft Skype for Business (SfB) Server helps keep your Skype for Business servers secure by applying mitigations to address specific potential threats.

EMS uses the cloud-based Office Config Service (OCS) to check for new mitigations, download available mitigations, and send diagnostic data to Microsoft. 

Note: Using EMS is optional. If you do not want Microsoft to automatically apply mitigations to your Skype for Business servers, you can disable the feature. 

Mitigations

The mitigation that is applied by EMS is an automatic action or set of actions to secure a Skype for Business server from a known threat that is being actively exploited in the wild.

To help protect your organization and mitigate the risk, EMS will automatically disable features or functionalities on a Skype for Business server. 

EMS can apply the following types of mitigations: 

IIS URL Rewrite rule mitigation: This mitigation is a rule that blocks specific patterns of malicious HTTP requests that can endanger a Skype for Business server.

App Pool mitigation: This mitigation disables a vulnerable app pool on a Skype for Business server.

You have visibility and control over any applied mitigation by using Skype for Business PowerShell cmdlets.

How EMS works

If Microsoft learns about a security exploit, an appropriate mitigation may be created and released. If this occurs, the mitigation is sent from the OCS to EMS as a signed XML file that contains the configuration settings that are required to apply the mitigation.

EMS checks OCS for available mitigations every hour. EMS subsequently downloads newly discovered XML file mitigations and validates the signature to prevent file tampering. EMS checks the issuer, the extended key usage, and the certificate chain. After successful validation, EMS applies the mitigation.

Each mitigation is a temporary “fix” until the security update that fixes the vulnerability in the code is applied. EMS is not a replacement for Skype for Business Business security updates (SUs) and cumulative updates (CUs). However, it's the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises SfB servers before they are updated. Users do not have to undo the pre-existing mitigation when they apply the SU or CU. The mitigation is automatically removed after an appropriate fix is released.

Note: The documentation for cmdlets will be made available soon.

References

Emergency Mitigation Service

Skype for Business Server 2019 Cumulative Update Available for Download

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×