I ran across a nice little change from previous versions of Communicator today when playing around with the Lync client. If the zone of the SRV record for automatic sign-in does not match the zone of the host record it points to, the user will be prompted if they really want to connect to the server.
For example, my host record here is fepool.ptown.local, but my SRV record for automatic sign-in is _sipinternaltls._tcp.confusedamused.com, which points to fepool.ptown.local as the host providing the service. When signing in, the user is presented with this dialog:
Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?
By default in earlier versions of the product the client would be unable to connect unless an administrator had disabled strict name checking on the client workstation. In the end, I'm not sure how valuable this change is. It's usually not a big deal to add another host record to the zone to correct the error.