You are correct, it will not work. Part of the verification is URL-based; are you seeing the Microsoft-Active-Sync string with Lync? Without the option checked, it doesn't open up all access; it opens access to the server, though, yes. What you can do for the role you use for Lync is create an ACL that allows */Lync-server-URL-path*. You can track what is needed through the user access log.