SfBS 2019 MACP – Modern Admin Control Panel

One of the significant enhancements delivered in today’s Skype for Business Server 2019 CU1 is the new “Modern Administration Control Panel” or MACP.

This is a new HTML5-based admin interface, which shares a particular visual familiarity with the SfB Online and Microsoft Teams Admin Centres – and does so without requiring Silverlight.

Thankfully it still co-exists with its long-established Silverlight equivalent the CSCP, so you can choose between them.

At this release it’s limited to only user-related admin, with more functionality to be added in future CUs.


It’s a doddle to install, as the bulk of the work is performed by the CU installer.

Just in case you took some short-cuts with that, here are the bits you need to do:

  1. install-windowsfeature ManagementOdata,Web-Lgcy-Scripting,Web-WMI,Web-Lgcy-Mgmt-Console,Web-Mgmt-Service
  2. Run bootstrapper, which is by default installed to C:\Program Files\Skype for Business Server 2019\Deployment

Done! Now just browse to https://<FQDN>/macp (if a Standard Edition), or to the internal web services URL with a “/macp” on the end.

User Pre-Req’s

Your admin user needs a few pre-req’s before they can sign in, and you might not be able to use your existing Admin account.

An MACP Admin needs to:

  • be SIP-enabled
  • have their UPN = their SIP address. [This earlier requirement MAY have been dropped at release. I’ll update the post once I can clarify this]
  • belong to the CsAdministrator group

If your account doesn’t meet all those criteria you’ll receive an error message when you try to sign in. See “Troubleshooting” below for some guidance there.

Browser support

  • Microsoft Edge (version >= 44.17763.1.0 is recommended)
  • Google Chrome (version >= 72.0.3626.121 is recommended)
  • Mozilla Firefox (version >= 65.0.2 is recommended)

I’ve used IE11 on Windows 10 and Server 2016 and other than a failure to signin (or throw an error) if your SIP address <> your UPN, it appears to be OK – it’s just untested/uncertified.


Depending on your setup, the MACP may throw the odd red herring at you.

“Exception : Invalid user credentials : User is not an administrator”

Chrome and Edge on my Windows 10 workstation both threw this error. My user WAS correctly an admin, however their SIP and UPN didn’t match.

Otherwise, your user might not belong to the csAdministrator group!

“Exception : Invalid user credentials : No valid Security Token”

Bad username or password.



IE11 did this when I had the same scenario as above – UPN <> SIP Adddress. Try a different user. (NB: IE isn’t a supported browser.)



I really like the new MACP and I can’t wait more of the old CSCP’s functionality to be added in future updates.

Revision History

12th July 2019. This is the initial publication.


– G.


  1. https:///macp
    https:///macp or /cscp

    Did anybody try to figure out why accessing these by simple url works only from localhost (RDP to FE) and not from wherever on the network? Of course simple url’s DNS record resolves to Sfb FE. Credential popup pops up, but nothing happens afterward if using simple url from workstation or terminal server for example.

    I was analyzing URL Rewrite on IIS for Sfb Internal Web Site, but could not figure out where the catch is…

  2. I don’t suppose there is a way to switch from the Forms based Auth to just regular SSO/WindowsAuth?

    Also pretty annoying that the simply Skype admin url doesn’t work, and that it has to be the internal web service url. what’s up with dat.

Leave a Reply

Your email address will not be published. Required fields are marked *

... and please just confirm for me that you're not a bot first: Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.