One of the coolest new Lync features is that you can now do A/V federation with Windows Live users, but you'll find this does not work out of the box. First of all, your organization must complete the Public IM Connectivity provisioning process. After that, there are two modifications required even if you've enabled Public IM connectivity for the external access policy assigned to users.
First, there is a hidden parameter allowing A/V federation to PIC only available through the Lync Management Shell. This example modifies the global policy to allow both Public IM and Public IM A/V traffic so change the scope appropriately if you're limiting by site or users.
Set-CsExternalAccessPolicy Global -EnablePublicCloudAccess $true -EnablePublicCloudAudioVideoAccess $true
Secondly, the Windows Live network does not support SRTP encryption of the audio/video traffic, but Lync requires this encryption by default. We need to change Lync to support encryption instead of require it. Once that change is made Lync will prefer encrypted sessions and still negotiate those first, but will allow unencrypted media to be exchanged if it can't agree on encryption. The other Lync default is to only allow VGA video quality, but you can do 720p to Windows Live if both endpoints support it. This example changes the media encryption and video quality at the global level.
Set-CsMediaConfiguration Global -EncryptionLevel SupportEncryption -MaxVideoRateAllowed Hd720p15M
That change should be picked up within 5 minutes on the Front-End. After that, sign out of your Lync client and back in. You can verify the change by holding down the CTRL key, right-clicking the Lync task tray icon, and selecting Configuration Information. The PC to PC AV Encryption should say "AV Encryption Supported" now.
If you don't make this change you'll see an error on Front-End servers when trying to initiate an A/V call that the encryption levels don't match:
Start-Line: SIP/2.0 488 Not Acceptable Here
From: "Eddie Vedder"<sip:firstname.lastname@example.org>;tag=ed272dd714;epid=8e3ef28192
To: <sip:email@example.com;mepid=F6333909B2AE4F60A2553FA59913B0A8>; tag=ab1e5513de
USER-AGENT: UCCAPI/4.0.7440.0 WLM/15.4.3502.0922 (Windows Live Messenger)
ms-client-diagnostics: 52017;reason="Encryption levels dont match"
Also, keep in mind the Windows Live user must be using the Windows Live Messenger 2011 version to support Lync A/V federation. When you're connecting a call the Windows Live client will recognize that you're connecting to Lync: