How do I federate OCS IM with Live@edu, Windows Live, or AOL?

I was asked this by a university in Missouri.  Here is the process:


Prerequisites you need before you start the provisioning process:

1) Download and read the OCS Federation provisioning guide here.

2) Next you will need only ONE of the following pieces of information (note: if you don’t know ask your Microsoft Account Manager or reseller):

Your Microsoft agreement number:

o Microsoft Volume Licensing Support: Microsoft Volume Licensing Agreement number

o Microsoft Partner Network: Headquarter partner ID

o Service Provider Licensing Agreement: Initial enrollment number

o High Volume Services: Product enrollment number

· Fully qualified domain name (FQDN) of the Access Edge service that you will be provisioning

· Session Initiation Protocol (SIP) domain(s)

· FQDNs of any additional Access Edge services

· Contact information

3) Visit this link here to submit your request.


What do I have to be aware of before I federate with AOL?

AOL requires the DNS A record of the Access Proxy service FQDN to be published in DNS in order to authenticate the public certificate.


What do I need to be aware of before I federate with Windows Live/Live@edu?

Note: The change below catches folks off guard during this process. It ONLY applies to users who have associated a domain to Windows Live ID which typically is not always a huge number of users.

Live@edu and Windows Live will require a change to existing IDs that are used to sign into Windows Live Messenger service if an ID that is associated with your Messenger service includes the same domain that you are provisioning. This change is required because by submitting a provisioning request for a domain, you are reserving that domain for your organization’s Office Communications Server instant messaging system. For example, if you request provisioning for and an existing Windows Live Messenger service account address is, the owner of that account receives a notification from Microsoft that includes instructions for changing the account address. If the ID is not changed, the owner will not be able to sign in to Windows Live Messenger until this issue is resolved.

Important: This change is required for all Windows Live accounts that use the domain for which you are requesting provisioning, regardless of whether the users of those accounts actually use Office Communications Server public IM connectivity or whether you have signed up only for a trial of public IM connectivity.

For details about the requirements and process for changing a Windows Live ID, see Important Changes to Windows Live Messenger at

Does everyone get notified of this change?

No, only users who have associated their domain (e.g. to a Windows Live ID.


Can I get a list beforehand of who has associated their domain to a Windows Live ID?

No, your Windows Live ID is considered private and personal information.


After I submit a request what happens?

1. The public IM service provider completes steps specific to its service.

2. After a public IM provider completes the provisioning process for your account, the account is activated, and your eligible users are enabled for public IM connectivity with that provider.

3. When all requested public IM providers complete their provisioning, Microsoft sends a notice of completion to you.


How long does it take to complete a request?

Typically 30 days turnaround.


What I can I do with commercial IM federation?

Presence and Instant messaging currently.  Federated Video and audio do not work currently with commercial IM systems. It does work with other OCS federated entities.


What if I want to federate with Yahoo IM?

An Office Communications Server Public IM Connectivity license is required for federation with Yahoo!. Currently, Office Communications Server Public IM Connectivity licenses are available for purchase only on a Volume Licensing agreement under an Enterprise, Select, or Open Value program. For details and pricing information, contact your LAR or reseller.

Comments (3)

  1. markga says:


    Typically, your live@edu domain is something like: for students on Live@edu

    and for faculty and staff

    When you federate OCS with Windows Live/Live@edu and you use as your OCS SIP domain, you ONLY have to evict the users who have associated to a Windows LiveID. This number is usually low from what I have seen with edu customers. We do not evict/impact the Live@edu domain.

    Federation works based on SIP domain – when you configure federation and someone IMs a user on a commerical IM system the SIP traffic is routed correctly based on SRV records in DNS.

  2. mw says:

    So, we run OCS onsite for staff with as the SIP domain, our students are in live@edu and their LiveID’s are When we reserved our domain for Live@Edu email we had to evict a few hundred users in order to create the 10’s of thousands of student email accounts.

    How does this fit with the point above about federating OCS to Live@Edu and having to evict people – have we already done this in effect?

    How does federated IM traffic understand which system (the onsite staff one, or offsite Live@Edu student system) messages should be delivered in a split/shared domain scenario – it’s not like MTA’s in the email world with mail routing tables.

  3. mw says:

    Sorry, that isnt going to work for us (and others) that have setup a "shared" mail domain then. Both live@edu and onsite exchange use the *same* domain and this is a scenario MS support – however looks like choosing that route will make it impossible to federate IM from onsite OCS to live@edu.

    The staff/student mail is seperated using our onsite MTA, there's no equivalent for IM's that I am aware of? We would have to make the live@edu users SIP addresses use the "hidden" domain tenancy address that they have (but they don't know about, tis used just for us routing mail to them – (it is NOT their LiveID or outgoing mail address – they are both, which would be plain akward to explain (if even possible).

Skip to main content