The Meeting Server supports media encryption for SIP connections including Lync calls.
This is configured in the Configuration > Call settings page in the Web Admin Interface and allows encryption to be Required, Allowed or Disabled for SIP calls made to or from the Meeting Server. Additionally, you can choose whether changes to this setting will apply to SIP calls already in progress (Apply to Active Calls button) or just future calls by using the Submit button at the end of the Call Settings page.
If encryption is set to Required then endpoints that do not support encryption will not be allowed to join calls, only endpoints supporting encryption will be allowed to join the call (TLS connections).
If encryption is set to Allowed then endpoints that do not support encryption will be allowed to join calls in addition to those endpoints supporting encryption. If an endpoint not supporting encryption joins a call with endpoints that do support encryption, then the encrypted endpoints will start receiving an icon of a padlock with a line though it in the video stream (upper right corner). This is to indicate that there are unencrypted participants in the call. Unencrypted Participants will not see the icon.
If encryption is set to Disabled then all traffic is unencrypted (TCP or UDP), endpoints supporting encryption will receive an icon of a padlock with a line though it in the video stream (upper right corner).
Note: The Cisco Meeting App does not display the encyrption icon, in any situation. However, you can check whether there are unencrypted sites in the call, by clicking on the ººº symbol and then the Info tab.