RSS Subscription 168 Posts and 2,769 Comments

Lync 2010 Enhanced Privacy Controls

One of the new features in Lync 2010 is the ability to provide Lync clients enhanced privacy controls.  What this provides is the ability for Lync users to restrict their presence to users who are in their contact list.  By default, this feature is not enabled.  You may think to yourself, why?  Well, it’s because OCS 2007 R2 users can connect to Lync Server 2010 if the Client Policies allow for it.  Communicator 2007 R2 does not provide the capability to set these enhanced privacy controls.  It is because of this, you will want to make sure all users are utilizing Lync 2010 in the organization prior to enabling Enhanced Privacy Controls.  If for whatever reason, you have enabled enhanced privacy controls for a user, and they happen to downgrade to Communicator 2007 R2, these privacy settings are lost which is why it is important to restrict the ability for Communicator 2007 R2 users to be able to connect to Lync Server 2010.

To check what the current configuration is set at, we can run the following command:


We can see the EnablePrivacyMode is configured to False.

In the Lync 2010 client options, we see there are no options to prevent anybody from seeing our presence if they are not on our contact list.

But let’s say our Client Policies are preventing Communicator 2007 R2 clients from connecting.  We can set Privacy Mode to true.  Keep in mind, in order for Response Group Agents to receive Response Group calls, they will need to add their Response Group Agents to their contact list.  The Response Group workflow creation process creates a Response Group contact object in Active Directory.  Because of this, there is nothing special you have to do.  It will be as simple as utilizing the search feature in Lync 2010 just like you were trying to find any other user, and adding the Response Group user/contact to the Response Group agent’s contact list.

Now to enable Enhanced Privacy mode, we run the following command:

Set-CsPrivacyConfiguration -EnablePrivacyMode $true

Because Lync 2010 clients retrieve this mode through in-band provisioning, it will be necessary for Lync 2010 clients to log off and log back in.

Once users have logged back in, we can go back to the Lync 2010 options, go to status, and we see some new options.

We can now see the options look different.  By default, only people in the user’s contact list will be able to see their presence.

To illustrate what this looks like, I have two users:

  • Elan Shudnow
  • Elan Test

On the Elan Test account, I have Elan Shudnow added to the contact list.  But Elan Shudnow is showing up as Offline.  In fact, Elan Shudnow is actually set to Available.  Elan Shudnow just doesn’t have Elan Test as a contact.

I will now go ahead and add Elan Test as a contact to the Elan Shudnow account. Once doing so, I immediately see Elan Shudnow’s presence go to Available without doing a single thing on the Elan Test account.


24 Responses to “Lync 2010 Enhanced Privacy Controls”

  1. […] Lync 2010 Enhanced Privacy Controls | Elan Shudnow’s Blog Posted on February 7, 2011 by johnacook […]

  2. […] This post was mentioned on Twitter by John A Cook, Elan Shudnow. Elan Shudnow said: Lync 2010 Enhanced Privacy Controls #lync #ocs #ucoms […]

  3. […] […]

  4. on 21 Apr 2011 at 9:29 amRaul

    Works!!! Now I just need to figure out how to change the client to default to "I want everyone to be able to see my presence" Can you help me out with that?

  5. on 19 Aug 2011 at 2:40 pmTim

    Raul — did you ever find out if the default could be set this way? this i preventing us from using this feature

  6. on 08 Sep 2011 at 2:44 amMike


    We want to do exactly the same thing. Did you manage to figure out how to do this?

  7. on 01 Jun 2011 at 7:04 amsoder

    What about sending IM / calls to a guy who does not have me on his contact list? I can see him as offline, will the chat message be rejected / call being sent to his voicemail?

  8. on 09 Jun 2011 at 10:10 pmElan Shudnow

    Haven't tried it so not sure. If you give it a shot, let me know your experience.

  9. on 16 Jun 2011 at 11:09 amAustin Velasquez

    Hi.. i have a peculiar issue in my lync installation..
    after more than 2 months of finishied installation and configuring lync server standard multirole.
    and use a quintum gateway for voice lab.. everything ok.. but after one week when i try to call any number outside my organization . or internal pbx extention. the lync client status when making call just display calling.
    when i answer the call in the pbx extention or another number. i can hear me in the lync computer but not hear the lync voice. and the status of the call is calling. the audio level is 0 and.. i press the mic button over the call in the lync client and mute the mic. and press again for unmute.. and after two steps the audio can be hear. but the status of the call not change, follow in the calling state.. any idea about this issue?

  10. on 16 Jun 2011 at 5:07 pmElan Shudnow

    You're going to have to use the OCSLogger and Snooper to see what is going on. If you're not familiar with these tools, I suggest opening a PSS case with Microsoft and you'll learn a lot in regards to troubleshooting these issues and how the logging tool works.

  11. on 23 Jun 2011 at 1:34 pmSanaa

    Hi All, thank you in advance, please advice with the following questions,

    if i sent a massage to one of my contact, can the others read my massage? and can they access my document or my desk top?



  12. on 20 Jan 2012 at 2:57 amwolffparkinsonwhite

    Now I just need to figure out how to change the client to default to "I want everyone to be able to see my presence" Can you help me out with that?

  13. on 15 Feb 2012 at 8:46 amJostein

    I would have liked:
    – In my own company: All users can see my presence info, regardless whether they are on my contact list or not.
    – Open federation, users from federatade companies: Can only see my presence info if I have them on my contact list.
    But it seems I cannot get it to work that way neither with EnablePrivacyMode false or true. Comments?

  14. on 01 May 2012 at 1:16 pmMatt Freestone

    Question, after I have enabled this the presence based routing methods in Response Group (such as parallel, round robin, etc) no longer function. It's as though the Response Group Service can't see their presence so it wont' route calls to them. Attendant works fine because it doesn't check for status. Does anyone have any ideas on a work around for this?

  15. on 01 May 2012 at 4:48 pmElan Shudnow

    You didn't read the entire article. I discuss the problem with Response Groups already and how to get around it.

  16. on 08 May 2012 at 4:17 amtrent

    OK so from an admin perspective how do you change "status" options to "I want everyone to be able to see my presence" I've scanned a lync client for changes but nothing is returned, so it look like this is a server side policy?

  17. on 29 Jun 2012 at 9:14 amMatthew C. Evans

    During our testing on this we found that being a member of an AD group added to the Lync client was not enough to make presence work when Privacy is turned on. We have a “Staff” group that contains all employees. Just having the Staff group in my Lync client didn’t work and my presence was hidden from other Staff members that also had this same group.

    Not until they become a member of the Other Contacts (Frequent Contacts probably works too) that the presence starts working again.

    Has anyone else experienced the same problem? We’d like to keep presence working for internal employees, but just block presence by default for all federated domains.

  18. on 08 Jul 2012 at 1:34 pmElan Shudnow

    Hi Matt, I'm fairly certain to achieve the goal you had mentioned in the last sentence would require some custom development via MSPL scripting as there's no way to do that out of the box.

  19. on 15 Oct 2012 at 7:00 amTorsten Egebirk

    When in privay mode and only users in agents contact list can see presence you should as a agent add this user to you contact list (not sure if the ivr or huntgroups sip address should also be in contact list (test)).:
    RGS Presence Watcher, the user is offline – add to Your contact list.
    Then you will get calls when from response groups when signed in and using privay mode.
    Best regards
    Torsten Egebirk – Lync Jedi…

  20. on 15 Nov 2012 at 2:27 amSalis

    what are the Lync client versions that supports enhance privacy?

  21. on 15 Nov 2012 at 10:46 amElan Shudnow

    Legacy OCS 2007 R2 Clients do not support enhanced privacy mode as this is a new feature for Lync 2010. Please see the following:

  22. on 03 Dec 2012 at 4:44 amdusks

    how can we hear a voice from the person PC mic/speaker who is chatting in lync chat

  23. on 07 Feb 2013 at 3:41 pmJustinian

    Can the enhanced privacy mode be enabled on an SBA / branch site scenario, instead of at the Central Site Level?

  24. on 10 Feb 2013 at 8:41 amElan Shudnow

    Yes. You should be able to by creating a new privacy configuration and assigning it to the Identity of Site:Sitename. Similar to what I show in my Client Policies article here:….

Trackback this post | Feed on Comments to this post

Leave a Reply