Friday, November 9, 2018

Configuring Skype for Business Hybrid with GCC High Tenants

Configuring Skype for Business Hybrid with a GCC High Office 365 tenant is mostly the same, but it turns out that there are a few differences in terms of the DNS records and FQDNs that get set when running the PowerShell cmdlets. This brief posts walks you through the differences.

Differing DNS Records

When working with [U.S.] GOV tenants in Office 365, there are a couple different types of tenants that reflect varying levels of compliance & security requirements. Namely, there is:

  • Office 365 GCC
  • Office 365 GCC High and DoD
There are a number of compliance requirements that are met by each type of tenant, as can be guessed by the difference in names. Clearly, the Office 365 GCC High and DoD tenants meet a more strict set of requirements, as well as those that specifically target DoD entities.

There are several components to the architecture of these tenants that allow them to meet a more stringent set of requirements, and one of them is reflected by the difference in FQDNs and URLs that are used by endpoints to connect into these environments. Specifically, the Office 365 GCC High tenants (DoD is still being worked on) have a different list of required DNS records than your typical commercial tenant. While we are focusing on Skype for Business Online here, this also applies to Exchange Online.

The DNS records that are required for Skype for Business Online in a GCC High tenant are below:

  • 'sip'
    • Points to:
  • 'lyncdiscover'
    • Points to:
  • '_sip'
    • Points to:
    • Port: 443
    • Protocol: _tls
  • '_sipfederationtls'
    • Points to:
    • Port: 5061
    • Protocol: _tcp

Configuring Hybrid

As you can imagine, given the difference in the DNS records, you will want to slightly modify the PowerShell cmdlets that you use when setting up Hybrid for a Skype for Business environment that includes a GCC High tenant. Specifically, when running the New-CsHostingProvider cmdlet, you will want to do so like this, with the specified ProxyFqdn and AutoDiscoverUrl attributes:

New-CsHostingProvider -Identity SkypeforBusinessOnlineGov -ProxyFqdn -"" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl

The rest of the Hybrid configuration is pretty much the same. Next, when it comes to moving users via the Management Shell, you will modify the cmdlets like so:

Move-CsUser -Identity <> -Target -Credential $cred -HostedMigrationOverrideUrl

So, to summarize, while I hate to seem like I am simplifying, we are pretty much putting '' anymore that '' would typically show up in our Hybrid configuration process.

I hope this is able to save someone even a little bit of pain, somewhere. It seems like such a small thing, but if you are not aware of these differences, the errors that you will run into do not do a great job of letting you know where to start, and none of the "Configure Hybrid" documentation does a great job at calling out that there are differences for GCC High tenants.


  1. This comment has been removed by a blog administrator.

  2. This comment has been removed by a blog administrator.

  3. When conceptualizing the most ideal approaches to earn steady show consideration with your advertising group, consistently recollect that the group isn't the huge machine that numerous businesses improperly take it for.Best Bitcoin Trading online

  4. There are numerous MLM plans that turned out to be inadequate in light of the fact that individuals donít realize the subtleties to be put on them. 소액결제현금화

  5. Very useful info. Hope to see more posts soon!. Bolt Posts

  6. I have added and shared your site to my social media accounts to send people back to your site because I am sure they will find it extremely helpful too. Corporate Headshots

  7. You have a good point here!I totally agree with what you have said!!Thanks for sharing your views...hope more people will read this article!!! Cheapest bulk sms provider in Qatar

  8. I really like your take on the issue. I now have a clear idea on what this matter is all about.. Bolt Posts

  9. Thanks for the blog post buddy! Keep them coming... Bitcoin profit review

  10. You have beaten yourself this time, and I appreciate you and hopping for some more informative posts in future. Thank you for sharing great information to us. as low as 3.95 a month

  11. Nice to be visiting your blog again, it has been months for me. Well this article that i've been waited for so long. I need this article to complete my assignment in the college, and it has same topic with your article. Thanks, great share. Classified site in Dubai

  12. Sometime it becomes very hard to find a well written and well established bog which give you correct and useful information. However, I found this blog and got some relevant information which are really helpful for me. 출장서비스

  13. I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post. business setup dubai