Block Point-to-Point file transfers
Important
Skype for Business Online operated by 21Vianet in China will be retired on October 1, 2023. If you haven't upgraded your Skype for Business Online users yet, they will be automatically scheduled for an assisted upgrade. If you want to upgrade your organization to Teams yourself, we strongly recommend that you begin planning your upgrade path today. Remember that a successful upgrade aligns technical and user readiness, so be sure to leverage our upgrade guidance as you navigate your journey to Teams.
Skype for Business Online, excluding the service operated by 21Vianet in China, was retired on July 31, 2021.
In Skype for Business Online, you have ability to control Point-to-Point (P2P) file transfers as part of existing conferencing policy settings. However, this allows or blocks file transfers for users whether or not they are transferring files to a user who is within the same organization or to a federated user from another organization. Following the steps below, you can block P2P file transfers with federated organizations or partners.
A very common scenario is when you want to allow internal users to use P2P file transfer but block file transfer with federated partners. For this scenario, you would need to do:
Assign a conferencing policy with P2P file transfer enabled (EnableP2PFileTransfer set to True) to users in your organization.
Create a global external user communication policy set to block external P2P file transfers (EnableP2PFileTransfer set to False) and assign it to a user in your organization.
You can find out more about those settings here.
If a federated user outside your organization tries to send a file to a user where the policy has been applied, they will receive a Transfer Failed error. And if a user tries to send a file, they will receive a File transfer is turned off error.
To make this work, the user must be using a supported version of a 2016 Click-to-Run Skype for Business app that supports it. The following minimum version of Skype for Business 2016 Click-to-Run client is required:
Type | Release date | Version | Build |
---|---|---|---|
First Release for Current Channel |
11/17/2016 |
16.0.7571.2006 |
Version 1611 (Build 7571.2006) |
Current Channel |
12/6/2016 |
16.0.7571.2072 |
Version 1611 (Build 7571.2072) |
Deferred Channel |
2/22/2017 |
16.0.7369.2118 |
Version 1609 (Build 7369.2118) |
Caution
Users that are using older versions of Skype for Business Windows apps or Mac clients will still be able to transfer files.
Start Windows PowerShell
Note
Skype for Business Online Connector is currently part of the latest Teams PowerShell module. If you're using the latest Teams PowerShell public release, you don't need to install the Skype for Business Online Connector.
Install the Teams PowerShell module.
Open a Windows PowerShell command prompt and run the following commands:
# When using Teams PowerShell Module Import-Module MicrosoftTeams $credential = Get-Credential Connect-MicrosoftTeams -Credential $credential
If you want more information about starting Windows PowerShell, see Connect to all Microsoft 365 or Office 365 services in a single Windows PowerShell window or Set up your computer for Windows PowerShell.
Disable P2P file transfers for your organization
By default, EnableP2PFileTransfer is enabled on the organization's global policy. When it was created, your users were assigned the BposSAllModality policy.
To allow P2P transfers for inside your organization but block external file transfers to another organization, you just need to change it at a global level. To do that, run:
Set-CsExternalUserCommunicationPolicy -EnableP2PFileTransfer $False
Disable P2P file transfers for a user
You can apply this to a user by creating a new policy and granting it to that user. To do that, run:
New-CsExternalUserCommunicationPolicy -Identity BlockExternalFT -EnableP2PFileTransfer $False
Grant-CsExternalUserCommunicationPolicy -PolicyName BlockExternalFT -Identity [email protected]
Want to know more about Windows PowerShell?
Windows PowerShell is all about managing users and what users are allowed or not allowed to do. With Windows PowerShell, you can manage Microsoft 365 or Office 365 and Skype for Business Online using a single point of administration that can simplify your daily work, when you have multiple tasks to do. To get started with Windows PowerShell, see these topics:
Windows PowerShell has many advantages in speed, simplicity, and productivity over only using the Microsoft 365 admin center such as when you are making setting changes for many users at one time. Learn about these advantages in the following topics:
Related topics
Create custom external access policies