For Lync Online Users and Administrators, you have found that your Session Initiation Protocol (SIP) sign-in address is required, such as firstname.lastname@example.org along with login information which is typically the same User Principal Name (UPN) Fully Qualified Domain Name (FQDN), such as email@example.com along with password. What many users and administrators don know is that during this login process by the Lync Client, the Lync Online Service generates and gives the logged on user an online end-user personal certificate, which is used as part of the authentication and connection process.
Note – This end-user certificate can be found within IE –> Tools –> Content –> Certificates –> Personal location. This certificate has a 180 day expiration and is required as part of the connection and authentication process. Any Online/On-Premises administrators who run a “tight ship” in regards to whether users can be granted personal certificates, need to keep this online certificate requirement in mind and not block this process, otherwise the Lync client will not be able to login to the Lync Online Services.
Login & Connection Requirements