Skype For Business Enhancements

• Visibility of Skype for Business Registration Events

  For Skype for Business (SfB) Registration Events, Operations Manager processes both events - Register Request and 200 OK Response to display SfB registration events in the Operations Manager Registrations grid in the GUI.

  To support the display of an SfB registration event, the source IP address of the 200 OK Response message is updated with SfB server IP address and Destination IP address of the 200 OK Response message is updated with SfB Endpoint IP address, and this is sent to Operations Manager. Operations Manager processes both and displays the details in the Registrations Details window.

  Registration events of only those SfB users who sign in or sign out from the SfB Server after the upgrade are displayed in Registrations grid. SfB Registration events that existed before the upgrade are not displayed in the GUI.

• Display of Media Statistics for a Skype for Business Call

  The Media Summary tab for a SfB call displays the Media Type and the Codecs statistics in addition to other statistics. The Media Type and Codecs statistics are visible only for calls made after the upgrade to 4.3. Existing calls will not display this information in the Media Summary tab.

• Visibility of Inbound and Outbound Legs of an SfB Call

  Operations Monitor supports the visibility of both inbound and outbound legs of SfB calls.

  The SfB server needs to be configured as a platform device for the SfB calls to be correlated. Existing calls displayed in the Calls page before the upgrade will not be correlated.

Fraud Monitor Enhancements

• Visibility into Dynamic Learning

  Fraud Monitor users can view information on user call data that is captured over a period of time and how this information can be used to detect fraud scenarios. The Learning Period tab which is visible only to the Administrator, displays user information of the following metric type rules:

  • Destination-based traffic spikes
  • Destination-based call volume
  • Source-based traffic spikes
  • Source-based call volume

  The user listing shows a list of users and the rule type. Clicking on a user in the user listing shows the Learning Period graph. The data is shown for a period of last 7 days.

• Automatic Deletion of Expired Subscriber Entries

  All entries in the Blacklist, Whitelist, Ratelimit, and Redirect subscriber lists have an expiry time. The default expiry time is 48 hours from the time the subscriber is listed in the list. You can set the value for the expiry time in the range of 48-1440 hours.

  If Automatic Expiry Delete in System Settings is enabled, then 24 hours after the expiry, the entries are deleted. A warning or notification is sent at 03:23 every day in the form of either email or SNMP traps as configured.

  You can review the expired entries and choose to either delete the entries or extend the expiry time. For entries that existed before the upgrade to 4.3, you can use the Apply Automatic Expiry for Existing Entries option as a one time action.

• New Source-Based Rules

  Source Based traffic monitoring is a key enhancement to the fraud detection capabilities of Fraud Monitor. The Source-based Traffic Spikes and the Source-based Call Volume rules help in monitoring source based traffic. Traffic spike can be measured based on call duration. Call volume can be measured in number of calls per second and maximum active calls.

  As with Destination-based traffic rules, you can define Dynamic and Static methods of points accumulation. Fraud Monitor raises an incident when a source user generates an unusually high traffic. If the threshold is crossed, then source user accumulate points. These rules can be used to identify possible candidates for blacklisting source numbers.

Security Enhancements