Security vulnerability in push notifications in Skype for Business for iOS

Symptoms
Customers receive push notifications to Skype for Business for iOS clients even though their passwords are expired or have been changed. This issue affects Skype for Business only on iOS devices. For example, if a user loses their device and then changes their corporate password, they may still receive instant messages (IMs) on the device through the Skype for Business for iOS client, even though they have changed their password. They may continue to receive IMs for 14 days after the device has been compromised.
Resolution
Microsoft has identified the cause of this issue and has completed a server fix to make sure that credentials are valid before notifications are sent to a mobile client.
More information
Administrators can change the policy to disable push notifications for affected users. After 14 days, the policy can be turned back on to prevent any potential data leaks. To do this, follow these steps:
  1. Check the user’s current mobility policy to see if outside voice is enabled or disabled.
  2. If outside voice is enabled, run the following cmdlet to disable push notifications:

    Get-CsOnlineUser sipUri | Grant-CsMobilityPolicy -PolicyName "Tag:MobilityEnableOutsideVoiceNoPushNotifications"
  3. If outside voice is disabled, run the following cmdlet to disable push notifications:

    Get-CsOnlineUser sipUri | Grant-CsMobilityPolicy -PolicyName "Tag:MobilityDisableOutsideVoiceNoPushNotifications"
คุณสมบัติ

รหัสบทความ: 3189676 - การตรวจสอบครั้งสุดท้าย: 09/06/2016 17:27:00 - ฉบับแก้ไข: 1.0

Skype for Business for iOS

  • kbsurveynew KB3189676
คำติชม