Microsoft is set to end extended support for Skype for Business Server (2015 and 2019) on 14 October 2025. From that point onwards, organisations will need to choose between migrating to a more costly, cloud-based solution or taking the opportunity to adopt a certified, European on-premise alternative.
A strategic and technological turning point
The upcoming end of support for Skype for Business Server marks a pivotal moment for companies and public sector bodies that had opted for an on-premise communications infrastructure, outside the major public cloud ecosystems.
In light of this change, customers are being steered towards Microsoft Teams – a cloud-based solution described by Microsoft as the “simplest alternative” – but one that is far from the most secure. This transition introduces both technological and legal dependency on cloud infrastructure governed by US legislation.
For those seeking to retain a Microsoft on-premise solution, the shift now presents a real strategic and operational challenge. Significant migration costs, licensing changes, and limited technical support make this option increasingly complex and difficult to sustain economically.
However, other viable alternatives do exist.
Switching tools without compromising your standards
A rapid move to Microsoft Teams might seem like the natural choice. However, this transition entails a number of risks:
Data hosted on US-based cloud services, subject to the Cloud Act (allowing US authorities to access user data under certain conditions),
Complicated access governance and auditability,
Unpredictable feature changes,
Reduced technical independence.
For organisations required to comply with regulations like NIS 2 or DORA – or those looking to bolster their digital sovereignty – migrating to Teams may raise more concerns than it resolves.
Deploying a new, on-premise communications platform that aligns with your organisation’s requirements in terms of security, sovereignty, and compliance could be the better route.
Why Stick With an On-Premise Communications Model?
Maintaining an on-premise solution addresses fundamental organisational needs – beyond just technical architecture. Key advantages include:
A bespoke setup tailored to your IT infrastructure and internal requirements,
Complete control over data, ensuring full GDPR compliance: local hosting, oversight of data flows and metadata, managed retention of content and access logs,
Strengthened security through system isolation – particularly valuable in sensitive or classified environments (e.g., defence, industry, energy, finance),
Business continuity, even without internet access or during cyber incidents,
When identifying a suitable replacement for Skype for Business Server, consider these essential criteria:
Secure by Design
Security must be embedded from day one. The architecture should be based on a Secure by Design approach – with no open inbound network ports, proactive vulnerability management, strong authentication, and detailed access control.
A reliable communications platform must also offer end-to-end encryption across all streams: audio, video, messaging, and file sharing.
Technological Sovereignty
The alternative should minimise reliance on foreign technology – especially solutions exposed to extraterritorial laws like the US Cloud Act – particularly for core components.
Opting for a proprietary solution developed by a European company – with R&D, ownership, capital, and support all based within Europe – significantly enhances trust and security. Independence from non-European providers ensures full control over infrastructure.
Regulatory Compliance
The platform must be fully compliant with the GDPR, both in data handling and in activity traceability. It should also support compliance with new EU regulations:
The NIS 2 Directive on cybersecurity for essential and important entities,
The DORA Regulation on digital operational resilience in the financial sector.
Deployment and Interoperability
Integration and interoperability must not be overlooked. The chosen solution should connect with existing infrastructure, support standard protocols (e.g., SIP, H.323), and offer APIs or connectors to facilitate integration into your information system.
Straightforward deployment is a major advantage, especially in complex or high-security environments.
Tixeo: a sovereign, secure, and european alternative
Tixeo is a secure video conferencing solution developed in Europe, designed to meet the highest standards of security, digital sovereignty, and regulatory compliance.
It now offers a credible and proven alternative to Skype for Business Server – especially for organisations determined to retain control over their strategic communications.
With fully proprietary technology, CSPN certification from ANSSI, and full on-premise deployment capabilities (via TixeoServer) – including in air-gapped or isolated environments – Tixeo offers:
Secure by Design architecture,
End-to-end multipoint encryption,
Fine-grained access control,
Interoperability with SIP and H.323 telephony systems,
Support for GDPR, NIS 2, and DORA compliance,
Simplified and secure on-premise deployment, with only one open port and no listening ports on workstations.
Tixeo’s on-premise model: meeting your strategic needs
Your Challenge
Tixeo’s Response
End of Skype for Business Server
Smooth migration to a sovereign on-premise solution
100% European-owned solution, with no third-party dependencies
Trusted by Governments, Defence and Critical Industries
Already adopted by ministries, defence agencies, financial institutions, and critical industries, Tixeo has become the strategic choice for organisations wanting to secure their most sensitive communications – without compromising on sovereignty.
Staying the course in uncertain times
Amid rising geopolitical tensions, escalating cyberthreats, and renewed focus on digital sovereignty, selecting a communications platform is no longer a technical afterthought – and “cloud-only” is no longer the only viable model.
The end of Skype for Business Server support presents a timely opportunity to rethink your communications infrastructure to:
Strengthen your cybersecurity posture,
Regain control over your data,
Ensure long-term digital autonomy.
For over two decades, Tixeo has embodied this vision – offering a sovereign, robust, and trusted solution.
The year 2024 will be marked by several significant political and geopolitical events that will have repercussions in cyberspace. What are they, and what are the cybersecurity risks?
The 2024 political elections
As the war in Ukraine and the Israeli-Palestinian conflict continue towards the end of 2023, major political elections will mark the year 2024 and cyberspace.
The presidential election in Taiwan
On 13 January 2024, the presidential election in Taiwan took place. This event was under close surveillance as the candidate from the ruling party (Democratic Progressive Party), whom China strongly opposes, was favoured by a divided Taiwanese opposition. The United States was also paying close attention to the situation, at a time when tensions with the People’s Republic of China were intensifying. The opposition parties, namely the Kuomintang and the Taiwan People’s Party (TPP), were said to be “in favour of easing relations with Beijing.” The result of the election saw the ruling party’s candidate securing a decisive victory, further cementing the Democratic Progressive Party’s position in Taiwan’s political landscape.
The U.S. presidential election
On November 5, 2024, the new U.S. president will be elected. This election has significant geopolitical implications, with the likely candidacy of former President Donald Trump. Should he win, his positions regarding the war in Ukraine or his repeatedly expressed desire to leave NATO would cause global upheavals.
The european elections
In Europe, from June 6 to 9, 2024, the European elections will take place. Over 705 Members of the European Parliament will be elected to represent the citizens of the 27 EU member states. Voters are called to mobilize for this election, which could lead to a historic reorganization of political alliances within the European Parliament.
UK General Elections
On July 4, 2024, the UK general elections could see the Labour Party return to power after 14 years in opposition. A month before the election, the party led by Keir Starmer is leading the polls with around 45% of the vote, far ahead of Rishi Sunak’s Conservatives, who are polling between 20% and 25%.
The 2024 Olympic Games
The Paris 2024 Olympic Games will be held from July 26 to August 11. This sporting event is also a geopolitical event that will greatly increase the visibility of the French capital and the country as a whole. Authorities have already warned of an unprecedented increase in the level of risk of cyberattacks during the preparation and launch period of the Olympics.
Repercussions in cyberspace in 2024
These geopolitical events provide opportunities for cyber attackers to conduct large-scale operations, leading to a likely increase in the alert level for nations and organizations, especially in critical sectors.
Three main types of cyber threats
Often state-sponsored or para-state in origin, these cyber threats can be classified into three main categories.
Espionage
Cyber espionage involves stealing confidential and sensitive data, sometimes classified, from a nation or organization. This could involve intercepting information about an upcoming election to learn the outcome or harming a company’s competitive advantage. A company’s intellectual property, as well as a nation’s scientific and technical potential, can also be at stake.
Sabotage
Some cyberattacks aim to sabotage a major event, infrastructure, or a country’s critical installation. They may target computer and communication systems, networks, or databases, disrupting their proper functioning or causing irreversible damage. The goal is to harm the security and economy of a nation. Activism can also be a cause of sabotage, for example, during the Olympics, to disrupt the events of a particular country. Sabotage generally results in temporarily or permanently ending an activity and leads to severe financial losses.
Known example of sabotage: Stuxnet. Discovered in 2010, this computer worm targeted and sabotaged centrifuges used for uranium enrichment in Iran. The virus was programmed to change the machines’ speed while displaying normal data to operators, causing irreversible material damage.
Subversion
Particularly used during electoral periods, subversion aims to weaken confidence in a personality, political party, or institution to influence public opinion. Disinformation campaigns, especially on social media or via the media, are the most visible part. On a national scale, subversion leads to political instability. In companies, it can lead to governance disruptions.
Example of subversion: the Hillary Clinton email affair. In 2015, The New York Times reported that Hillary Clinton used a personal email address for official communications while she was Secretary of State of the United States. This revelation raised questions about the protection of classified information. Just days before the 2016 presidential election, the FBI announced it was reopening the investigation after discovering new emails on the computer of the husband of one of Clinton’s aides. A major controversy that may have influenced the election outcome.
Other units active in subversion include UNC1151. Linked to the Belarusian government, the group conducts online disinformation operations to discredit NATO in the Baltic states. Since 2017, the Ghostwriter campaign has been spreading fake news hostile to the Atlantic Alliance, particularly regarding the deployment of nuclear weapons.
The hack and leak phenomenon
The “hack and leak” phenomenon involves cyber attackers obtaining data, through cyber espionage, for example, and immediately leaking it online. Generally used in disinformation operations, hack and leak is a method of subversion with political consequences.
Known example of hack and leak: In France, two days before the second round of the 2017 presidential election, the “Macron Leaks” affair occurred. Documents related to Emmanuel Macron and his movement En Marche! appeared online. The campaign team confirmed that fake documents were mixed with real ones, aiming for disinformation.
Increased vigilance for nations and organizations
In summary, in 2024, economic and geopolitical uncertainty, along with major political upheavals, expose nations and organizations to significant cyber risks.
Measures to strengthen cybersecurity and cyber resilience will be crucial. The mandatory implementation of the NIS 2 regulation within EU member states by the end of the year will be beneficial. However, the time between the obligation and regulatory compliance will take time for organizations.
From now on, companies and public administrations must double their efforts to prepare for these important international events and strengthen their digital operational resilience in the face of potential crises.
Opinion piece by Jean-Philippe Commeignes, Commercial Director @Tixeo
Europe, struck by the war in Ukraine for nearly two years, has been experiencing an intensification of the terrorist threat for several weeks following the outbreak of war between Israel and Hamas. In this extremely tense geopolitical context, the statement by the Minister of the Interior in a recent interview about access to data and encrypted messaging conversations has put back on the table the binary question of balancing privacy protection and the need for security.
The fundamental issue is not so much the debate on the unlikely negotiation of access to public encrypted messaging, but the strict control of the use, sale, and export of cutting-edge surveillance technologies. These technologies, beyond circumventing the encryption problem, represent a dangerous temptation within the European Union, as highlighted by Sophie in ‘t Veld, a Member of the European Parliament, in her latest opinion piece on the risks of this industry.
Global War on Terror and Mass Surveillance
After September 11 and the launch of the war on terror by the USA and its allies, the demand for surveillance and intelligence solutions exploded. A 2017 Privacy International report counts several hundred companies in this sector created between 2001-2013, 75% of which are from NATO countries. The approach, tinged with American techno-solutionism to address the threat, led to the implementation of mass surveillance programs revealed by whistleblower Edward Snowden in 2013, then employed by the famous NSA agency. This also revealed the role of major American platforms in this data collection.
Uncontrolled Changes in the Post-Snowden World
These revelations had two major effects:
• The gradual generalization of encryption, even in consumer solutions, making authorities more “blind” in technical collection, and prompting states to have means of circumvention;
• The tightening of data protection regulations, through the General Data Protection Regulation, positioning Europe as a standard-bearer for privacy protection worldwide.
Concurrently, the rapid adoption of smartphones, messaging, and social networks facilitated the coordination of social movements like the Arab Spring, creating a stronger demand from authoritarian countries for solutions to contain them.
“The Cyber Surveillance Industry Has Adapted Across the Entire Value Chain”
The cyber surveillance industry has adapted across the entire value chain to meet both domestic and export markets, in a mix of business and foreign policy. It’s a market with layers.
Extract from the Digital Violence platform
The first is the research and acquisition of unknown computer vulnerabilities to publishers, called 0-day, which allow those who hold them to compromise targeted software and equipment without user action (0-click). The second is spy software that uses these vulnerabilities as invisible vectors to deploy their real-time surveillance tools.
This was highlighted twice thanks to the work of journalist consortia and NGOs like Amnesty International. The first time in July 2021 by Forbidden Stories and 17 media outlets as part of the Pegasus Project, named after the spyware developed by Israeli company NSO. The second time, a month ago, in the context of the Predator Files, named after another type of software, this time developed by a consortium of companies based in Europe, particularly in France, Intellexa. This is emblematic of an ecosystem still adrift and used for political purposes. The Digital Violence platform, developed by Forensic Architecture, allows for a frightening but salutary immersion.
Today, the cyber surveillance industry market is estimated at $12 billion according to the director of the Citizen Lab.
The PEGA Commission and Its Recommendations Against Illiberal Temptations in Europe
The work of the Parliamentary Commission on Spyware, called PEGA, following the Pegasus scandal, has highlighted the main problems within the European Union.
Domestically
First, domestically, with the confirmation that 14 European countries and 22 security agencies had acquired this type of software and that 5 member countries had used it against civil society in disregard of the law and institutions. This underlines that even our democracies can be seduced by tools that bypass the indispensable control for legitimate and proportionate use, sometimes relying on a very broad definition of the concept of national security.
Internationally
Internationally, they showed the limitations of the EU’s export rules for these technologies, both permissive and without homogeneous application within member states. This allows for the implementation of opaque company structures to take advantage of these weaknesses for easier export.
A recent report by the Carnegie Endowment for International Peace indicates that EU member states granted 317 export authorizations in this segment between 2015 and 2017, compared to only 14 refusals. It also indicates that these exports are primarily to countries where human rights are secondary.
This is Europe’s paradox: being a model promoting democracy and human rights protection while importing and exporting, without strict control, the means of its regression.
European businesses and organisations are facing an increase in state-originated cyberespionage attacks, predominantly from Russian or Chinese sources, which have escalated since the Ukrainian war. Key statistics of state cyberespionage include:
In 2022, 77% of state cyberattacks involved espionage operations. (source: cfr.org/cyber-operations)
9 out of 19 cyber defence operations involved China-linked groups. (source: ANSSI)
As of 2023, 83% of identified state cyberattacks are espionage-related. (source: cfr.org/cyber-operations)
The 2024 Olympics: A Forthcoming Challenge
80 critical entities are involved in the Paris 2024 Olympics, out of a total of 350 organisations. The cyber risk level may reach an unprecedented threshold during this period. European organisations, especially French ones, need to prepare now, as international state cyber threat actors might exploit this global event to conduct attacks, including cyberespionage, to destabilise the Olympics and potentially the nation’s equilibrium.
Cyber Resilience More Necessary Than Ever
European organisations must now prepare for the worst, particularly in the tense geopolitical context with the war in Ukraine and the Middle East. Strengthening cybersecurity measures is crucial. The ANSSI has announced conducting around sixty audits and distributing training kits to the 350 entities involved in the 2024 Olympics, including 210 healthcare establishments. The goal is to better identify risks and respond quickly and effectively, using “rapid remediation plans” to maximise organisational resilience and ensure continuity of operations.
