Microsoft is set to end extended support for Skype for Business Server (2015 and 2019) on 14 October 2025. From that point onwards, organisations will need to choose between migrating to a more costly, cloud-based solution or taking the opportunity to adopt a certified, European on-premise alternative.
A strategic and technological turning point
The upcoming end of support for Skype for Business Server marks a pivotal moment for companies and public sector bodies that had opted for an on-premise communications infrastructure, outside the major public cloud ecosystems.
In light of this change, customers are being steered towards Microsoft Teams – a cloud-based solution described by Microsoft as the “simplest alternative” – but one that is far from the most secure. This transition introduces both technological and legal dependency on cloud infrastructure governed by US legislation.
For those seeking to retain a Microsoft on-premise solution, the shift now presents a real strategic and operational challenge. Significant migration costs, licensing changes, and limited technical support make this option increasingly complex and difficult to sustain economically.
However, other viable alternatives do exist.
Switching tools without compromising your standards
A rapid move to Microsoft Teams might seem like the natural choice. However, this transition entails a number of risks:
Data hosted on US-based cloud services, subject to the Cloud Act (allowing US authorities to access user data under certain conditions),
Complicated access governance and auditability,
Unpredictable feature changes,
Reduced technical independence.
For organisations required to comply with regulations like NIS 2 or DORA – or those looking to bolster their digital sovereignty – migrating to Teams may raise more concerns than it resolves.
Deploying a new, on-premise communications platform that aligns with your organisation’s requirements in terms of security, sovereignty, and compliance could be the better route.
Why Stick With an On-Premise Communications Model?
Maintaining an on-premise solution addresses fundamental organisational needs – beyond just technical architecture. Key advantages include:
A bespoke setup tailored to your IT infrastructure and internal requirements,
Complete control over data, ensuring full GDPR compliance: local hosting, oversight of data flows and metadata, managed retention of content and access logs,
Strengthened security through system isolation – particularly valuable in sensitive or classified environments (e.g., defence, industry, energy, finance),
Business continuity, even without internet access or during cyber incidents,
When identifying a suitable replacement for Skype for Business Server, consider these essential criteria:
Secure by Design
Security must be embedded from day one. The architecture should be based on a Secure by Design approach – with no open inbound network ports, proactive vulnerability management, strong authentication, and detailed access control.
A reliable communications platform must also offer end-to-end encryption across all streams: audio, video, messaging, and file sharing.
Technological Sovereignty
The alternative should minimise reliance on foreign technology – especially solutions exposed to extraterritorial laws like the US Cloud Act – particularly for core components.
Opting for a proprietary solution developed by a European company – with R&D, ownership, capital, and support all based within Europe – significantly enhances trust and security. Independence from non-European providers ensures full control over infrastructure.
Regulatory Compliance
The platform must be fully compliant with the GDPR, both in data handling and in activity traceability. It should also support compliance with new EU regulations:
The NIS 2 Directive on cybersecurity for essential and important entities,
The DORA Regulation on digital operational resilience in the financial sector.
Deployment and Interoperability
Integration and interoperability must not be overlooked. The chosen solution should connect with existing infrastructure, support standard protocols (e.g., SIP, H.323), and offer APIs or connectors to facilitate integration into your information system.
Straightforward deployment is a major advantage, especially in complex or high-security environments.
Tixeo: a sovereign, secure, and european alternative
Tixeo is a secure video conferencing solution developed in Europe, designed to meet the highest standards of security, digital sovereignty, and regulatory compliance.
It now offers a credible and proven alternative to Skype for Business Server – especially for organisations determined to retain control over their strategic communications.
With fully proprietary technology, CSPN certification from ANSSI, and full on-premise deployment capabilities (via TixeoServer) – including in air-gapped or isolated environments – Tixeo offers:
Secure by Design architecture,
End-to-end multipoint encryption,
Fine-grained access control,
Interoperability with SIP and H.323 telephony systems,
Support for GDPR, NIS 2, and DORA compliance,
Simplified and secure on-premise deployment, with only one open port and no listening ports on workstations.
Tixeo’s on-premise model: meeting your strategic needs
Your Challenge
Tixeo’s Response
End of Skype for Business Server
Smooth migration to a sovereign on-premise solution
100% European-owned solution, with no third-party dependencies
Trusted by Governments, Defence and Critical Industries
Already adopted by ministries, defence agencies, financial institutions, and critical industries, Tixeo has become the strategic choice for organisations wanting to secure their most sensitive communications – without compromising on sovereignty.
Staying the course in uncertain times
Amid rising geopolitical tensions, escalating cyberthreats, and renewed focus on digital sovereignty, selecting a communications platform is no longer a technical afterthought – and “cloud-only” is no longer the only viable model.
The end of Skype for Business Server support presents a timely opportunity to rethink your communications infrastructure to:
Strengthen your cybersecurity posture,
Regain control over your data,
Ensure long-term digital autonomy.
For over two decades, Tixeo has embodied this vision – offering a sovereign, robust, and trusted solution.
The year 2024 will be marked by several significant political and geopolitical events that will have repercussions in cyberspace. What are they, and what are the cybersecurity risks?
The 2024 political elections
As the war in Ukraine and the Israeli-Palestinian conflict continue towards the end of 2023, major political elections will mark the year 2024 and cyberspace.
The presidential election in Taiwan
On 13 January 2024, the presidential election in Taiwan took place. This event was under close surveillance as the candidate from the ruling party (Democratic Progressive Party), whom China strongly opposes, was favoured by a divided Taiwanese opposition. The United States was also paying close attention to the situation, at a time when tensions with the People’s Republic of China were intensifying. The opposition parties, namely the Kuomintang and the Taiwan People’s Party (TPP), were said to be “in favour of easing relations with Beijing.” The result of the election saw the ruling party’s candidate securing a decisive victory, further cementing the Democratic Progressive Party’s position in Taiwan’s political landscape.
The U.S. presidential election
On November 5, 2024, the new U.S. president will be elected. This election has significant geopolitical implications, with the likely candidacy of former President Donald Trump. Should he win, his positions regarding the war in Ukraine or his repeatedly expressed desire to leave NATO would cause global upheavals.
The european elections
In Europe, from June 6 to 9, 2024, the European elections will take place. Over 705 Members of the European Parliament will be elected to represent the citizens of the 27 EU member states. Voters are called to mobilize for this election, which could lead to a historic reorganization of political alliances within the European Parliament.
UK General Elections
On July 4, 2024, the UK general elections could see the Labour Party return to power after 14 years in opposition. A month before the election, the party led by Keir Starmer is leading the polls with around 45% of the vote, far ahead of Rishi Sunak’s Conservatives, who are polling between 20% and 25%.
The 2024 Olympic Games
The Paris 2024 Olympic Games will be held from July 26 to August 11. This sporting event is also a geopolitical event that will greatly increase the visibility of the French capital and the country as a whole. Authorities have already warned of an unprecedented increase in the level of risk of cyberattacks during the preparation and launch period of the Olympics.
Repercussions in cyberspace in 2024
These geopolitical events provide opportunities for cyber attackers to conduct large-scale operations, leading to a likely increase in the alert level for nations and organizations, especially in critical sectors.
Three main types of cyber threats
Often state-sponsored or para-state in origin, these cyber threats can be classified into three main categories.
Espionage
Cyber espionage involves stealing confidential and sensitive data, sometimes classified, from a nation or organization. This could involve intercepting information about an upcoming election to learn the outcome or harming a company’s competitive advantage. A company’s intellectual property, as well as a nation’s scientific and technical potential, can also be at stake.
Sabotage
Some cyberattacks aim to sabotage a major event, infrastructure, or a country’s critical installation. They may target computer and communication systems, networks, or databases, disrupting their proper functioning or causing irreversible damage. The goal is to harm the security and economy of a nation. Activism can also be a cause of sabotage, for example, during the Olympics, to disrupt the events of a particular country. Sabotage generally results in temporarily or permanently ending an activity and leads to severe financial losses.
Known example of sabotage: Stuxnet. Discovered in 2010, this computer worm targeted and sabotaged centrifuges used for uranium enrichment in Iran. The virus was programmed to change the machines’ speed while displaying normal data to operators, causing irreversible material damage.
Subversion
Particularly used during electoral periods, subversion aims to weaken confidence in a personality, political party, or institution to influence public opinion. Disinformation campaigns, especially on social media or via the media, are the most visible part. On a national scale, subversion leads to political instability. In companies, it can lead to governance disruptions.
Example of subversion: the Hillary Clinton email affair. In 2015, The New York Times reported that Hillary Clinton used a personal email address for official communications while she was Secretary of State of the United States. This revelation raised questions about the protection of classified information. Just days before the 2016 presidential election, the FBI announced it was reopening the investigation after discovering new emails on the computer of the husband of one of Clinton’s aides. A major controversy that may have influenced the election outcome.
Other units active in subversion include UNC1151. Linked to the Belarusian government, the group conducts online disinformation operations to discredit NATO in the Baltic states. Since 2017, the Ghostwriter campaign has been spreading fake news hostile to the Atlantic Alliance, particularly regarding the deployment of nuclear weapons.
The hack and leak phenomenon
The “hack and leak” phenomenon involves cyber attackers obtaining data, through cyber espionage, for example, and immediately leaking it online. Generally used in disinformation operations, hack and leak is a method of subversion with political consequences.
Known example of hack and leak: In France, two days before the second round of the 2017 presidential election, the “Macron Leaks” affair occurred. Documents related to Emmanuel Macron and his movement En Marche! appeared online. The campaign team confirmed that fake documents were mixed with real ones, aiming for disinformation.
Increased vigilance for nations and organizations
In summary, in 2024, economic and geopolitical uncertainty, along with major political upheavals, expose nations and organizations to significant cyber risks.
Measures to strengthen cybersecurity and cyber resilience will be crucial. The mandatory implementation of the NIS 2 regulation within EU member states by the end of the year will be beneficial. However, the time between the obligation and regulatory compliance will take time for organizations.
From now on, companies and public administrations must double their efforts to prepare for these important international events and strengthen their digital operational resilience in the face of potential crises.
European businesses and organisations are facing an increase in state-originated cyberespionage attacks, predominantly from Russian or Chinese sources, which have escalated since the Ukrainian war. Key statistics of state cyberespionage include:
In 2022, 77% of state cyberattacks involved espionage operations. (source: cfr.org/cyber-operations)
9 out of 19 cyber defence operations involved China-linked groups. (source: ANSSI)
As of 2023, 83% of identified state cyberattacks are espionage-related. (source: cfr.org/cyber-operations)
The 2024 Olympics: A Forthcoming Challenge
80 critical entities are involved in the Paris 2024 Olympics, out of a total of 350 organisations. The cyber risk level may reach an unprecedented threshold during this period. European organisations, especially French ones, need to prepare now, as international state cyber threat actors might exploit this global event to conduct attacks, including cyberespionage, to destabilise the Olympics and potentially the nation’s equilibrium.
Cyber Resilience More Necessary Than Ever
European organisations must now prepare for the worst, particularly in the tense geopolitical context with the war in Ukraine and the Middle East. Strengthening cybersecurity measures is crucial. The ANSSI has announced conducting around sixty audits and distributing training kits to the 350 entities involved in the 2024 Olympics, including 210 healthcare establishments. The goal is to better identify risks and respond quickly and effectively, using “rapid remediation plans” to maximise organisational resilience and ensure continuity of operations.