Controlling Who Has What Access to Who In Microsoft Lync: Privacy Relationships, Whitelists, Ethical Walls, MSPL Scripts and More

wallThe question gets asked quite often and in various different ways:

  • How can I keep 2 Lync users, or 2 groups of users, from communicating using Microsoft Lync?
  • How can I keep everyone from bothering the CEO?
  • If we federate, will just anyone bother us? How can we control this?

Microsoft Lync provides several ways to control access to yourself and others and I expect as more federation happens we will see even more 3rd party solutions (and who knows, even more features built into Lync itself?)

With traditional communications we had:

  • Do Not Call Registry
  • PBX’s often allow you to block/blacklist numbers with a star code

How do we control access in the UC world? In this blog we will cover several ways to control access in Microsoft Lync.

Privacy Relationships (Black List/User Level)

Privacy Relationships allow you to select what every Lync Contact’s access level to you is: Everything from “Family & Friends” that shows/allows everything to “Blocked Contacts” which doesn’t allow the contact to communicate with you or even see your presence. (You can still call, IM them!) Privacy Relationships are defined by the user and take effect immediately.

This is an okay method if you want each user individually manage every other user. Much like a black list, but with much more granularity.

More Detailed Blog on Privacy Relationships:
Also, how privacy relationship affects who can see your Calendar:

Enhanced Presence Privacy Mode: Only Allow Those On Your Contact List to See Your Presence (White List/Admin+User Level)

With Microsoft Lync Enhanced Presence Privacy Mode you have your Lync Admin flip a switch so that only those in your Lync Contact list can see your presence. See below URL for more details:

MSPL Script to Block Access at (Admin Level)

MSPL is a scripting language that allows you to do message routing and filtering. Using MSPL scripts you can centrally do quite some wizardry around controlling access by blocking or Redirecting IM/Audio/Video based on Caller, Message Content or call type.

MSPL scripts have been for the “programming minded” until Colima designed a free and very easy tool called SimpleRoute. This tool uses a very simple GUI tool to generate MSPL scripts. (the tool is 2MB, requires no installation—impressive!)

See my detailed blog on Colima SimpleRoute free/paid End User MSPL Script Creator:

Another option in the MSPL route is a MSPL script by This is a script that will block all phone numbers in a text file. You can get the script here. @TommyClarke notes that Sweden there is an API that reveals annoying numbers, click here to see his post.

Use “Ethical Walls” Using SDK or 3rd Party Lync Enhancement

Another way to centrally control access between whole groups of users is the use of an “Ethical Wall” enhancement to Microsoft Lync. Currently this is not a feature built into Lync and you will need to use the Lync SDK to write this functionality or buy one of several 3rd Party add-ons to achieve this.

Below is a list of some Ethical Wall add-ons for Lync:

Can you think of any other ways to control Lync access? If so, please comment!


  1. The one problem with the Enhanced Presence Privacy setting is the it is a pool-level setting. It would be great if I could selectively apply a policy to a subset of users, without creating another pool. Feedback I have seen from senior management in large companies is they get disturbed too often and don’t have the time to set individual settings, so they often don’t use IM/Presence as a result.

  2. I have the same issue. I turned on privacy settings to support a handful of executives, and unfortunately changed how 4,000 other users in the company have to work. I would like to fix this with either a GPO or a Powershell command, but I haven't find a solution for it yet.

  3. Is there a way to gray out features in the Lync 2013 client? We are planning to use this only for IM and presence only and want to have the video and calling features unavailable to end users. I have the client installed and all features are available but do not work.

    1. not related to this post, but here:

  4. Hi, I want to ask something about MSPL and Route Tool.
    We can do this from and to be a group or OU do not send the other group or OU. For ex: do not send IM or file transfer a person from OUx to other person from OUy. Of course this scenario may be about 2 groups.

    How can we do this?

    Thanks for help.

  5. Microsoft Lync Ethical Wall
    The solution is used as a communication barrier (ethical wall) to block Lync communication between different groups of users. Organizations can also modulate all aspects of communication viz. IM, Presence, File Sharing, Audio, Video and / or desktop sharing as per your compliance policies. Target groups could be either internal set of users or federated set of users. Being a server side product, the policies are applied to any type of Lync end points.