Not applicable to SBC SWe Edge.

This operation is optional, and allows SBA administrators to configure the security settings for roles, role services, and features on the SBA. This applies security rules to the Windows Server 2008 R2 operating system on the ASM hosting the SBA, and improves system hardening (i.e., reducing its surface of vulnerability).

You can do so by either Applying a Security Template, or Importing a Custom Security Template of choice. The following is a list of the main groups of security rules that are modified:

  • Microsoft OS Services
  • Microsoft OS Networking Firewall
  • Microsoft OS Registry Values
  • Microsoft OS Audit
  • Microsoft OS SCE Templates


Applying an SBA Security Template

Once the security template is applied, the action cannot be reversed. In order to disable the security template, the ASM has to be re-initialized.

Note

The security template is not applicable with Windows Server 2019.


Below is a summarized list of the primary security settings that will be applied by the stronger security rules template :

  • Enables data execution protection
  • Enables firewall
  • Disables domain users from logging into the ASM
  • Enables only local administrator login

Apply Security Template

  1. In the WebUI, access Tasks> Lync Survivable Branch Appliance (or Skype for Business Survivable Branch) > Setup SBA.
  2. Click Security.

  3. From the Apply Version drop down list, select the applicable TLS option (TLS 1.2 Only or TLS 1.0-1.2).

    The following are limitations for using TLS 1.2 Only or TLS 1.0-1.2

  4. Click Apply TLS Version.

  5. For Microsoft SBA Security Hardening, click Apply Default Template. If SBA Security Hardening has been run on the SBA at deployment, this field will be greyed out.

  6. For Custom Security Template, click Browse and select the applicable Security XML file. You need a Windows Server security template XML file created using the Microsoft Security Configuration Wizard (SCW). Refer to the following for how to create the file:

    Windows Security Templates

    Windows VersionMicrosoft Security Configuration Wizard Reference
    Windows 2008Microsoft Security Configuration Wizard (SCW)
    Windows 2008R2
    Windows 2012R2

    Microsoft Security Configuration Wizard (SCW)

  7. Click Submit Security Template file. The operation will take up to to five minutes to complete.

Verify TLS Version is Applied

  1. In the WebUI, access Settings > Application Solution Module > Operational Status (or via Tasks > Application Solution Module > Operational Status).

  2. Under Windows Status > TLS Version, view the current, enabled TLS version.