Sure, but the compliance requirement is that logs need to be automatically exported and archived by the IT department, without an option for the user to avoid giving logs. What does E2E benefit you at that point? The message contents, which are what E2E protects, are being copied off to some separate server.
(I'd buy the argument "You should design all your protocols E2E first, and then add logging/escrow, instead of designing them less secure and bolting E2E on later," but Skype for Business already exists without E2E so that's a lost cause in this particular case.)
Oh, that makes sense. What does it currently use to authenticate between businesses - MS accounts or public PKI or something? Or is it trust-on-first-use?
I'm having trouble finding all the docs for setting up Skype for Business federation but it looks like the latter. Since "end" here I think means the business and not the individual user account (for the same reason - all the compliance logs, all the password reset abilities, etc. applies to conversations with other businesses), if they do trust-on-first-use certificate validation of the other business, isn't that already as E2E as you're going to get?
