#Office365 Two Factor Authentication (Preview) (Phone Factor) #O365

So I am about to embark on a client who is interested in two factor authentication in their existing Office 365 environment.

With the speed Microsoft is going at these days, surely there is a solution to this and speaking to some contacts with Oliver Stickley, Microsoft helped us out.

What is Two Factor Authentication?

Single factor authentication is via a single method such as a Username and Password.

Two Factor Authentication adds an extra measure into the mix to ensure that you are who you say you are.  This could be an RSA Security Key or more recently the market is shifting towards using mobile phones as the security key with the use of automated phone calls, text messaging (SMS) or mobile apps.

The Solution

In October 2012, Microsoft acquired a company called PhoneFactor (more info) which has been developing two factor authentication solutions in the cloud for a while now and recently the capabilities have been added to Office 365 in the form of a preview which is free to try for Administrators.

NB: Please be aware that this is currently in preview, so they are still working out the kinks, pricing model, release schedules etc..

Given that we are in preview, not everything will be perfect, but there is still options that you can try out now assuming you have an Enterprise plan.

Three options are available:

• Cloud Identity
• Directory & Password Synchronisation
• Federated Identity (ADFS)

The various pros and cons of each option are described below in the video presentation.

NB: I can confirm that this is not available on the P1/P2 plans but unsure about the small business plans.

How does it work?

As part of my research I came across this excellent presentation from Microsoft Consulting Services which goes into detail about how the solution works.

Understanding Identities and Single Sign On.

 

Ignite Webcast – Understanding Identities and Single Sign On 

NB:   Please note that some limitations exist with non-ADFS setups and local client software (Outlook, Office etc.).  (it is a preview after all)

Original Source: http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2013/02/07/understand-identities-and-single-sign-on-with-our-upcomoing-ignite-webcast.aspx

2nd Factor Authentication Options

So we know what two factor authentication is all about and we have seen how it is likely to work within Office 365, lets explore the options we have available to us:

Phone Call & SMS

Using any mobile phone (smart, non-smart or event an office phone), you can log-in with an automated phone call from Microsoft or an SMS Text Message which provides and authentication code.

Mobile App – Windows Phone 7 & 8

If you don’t have phone signal, then you can use generated no. authentication methods via a mobile app.  Microsoft of course support their own platforms

• Release Details: PhoneFactor Extends Comprehensive Line of Authentication Solutions with App for Windows Phone
• App Download Link: http://www.windowsphone.com/en-gb/store/app/multi-factor-auth/0a9691de-c0a1-44ee-ab96-6807f8322bd1
• NB: Apps were originally called PhoneFactor but are now called Active Authentication
• Name Change Details: PhoneFactor Becomes Windows Azure Active Authentication

Mobile App – iOS / Android

The mobile app is also available for iOS and Android as well which pretty much covers most of the mobile market.  Search for Active Authentication from the Microsoft Corporation or use the links provided below.

iPhone Screens:

Demonstration:

 

Before the Microsoft re-brand iOS demonstration

iOS (iPhone / iPad) App Download: https://itunes.apple.com/gb/app/active-authentication/id475844606?mt=8

Android Screens:

Android App Download: https://play.google.com/store/apps/details?id=com.phonefactor.phonefactor&hl=en

 

That’s great, how do I get started?

Excellent question, it’s available in your Office 365 admin panel right now and is incredibly easy to setup without ADFS…

Login to your Office 365 admin portal, click Users and Groups:

Click the set up link shown above.

Now select the name you want to use two factor authentication with and click enable.

Please keep at least one admin account with single factor authentication whilst you are using this preview version.

NB: Admins are free to use the capability, standard users require a license.

Once you have turned it on against your admin user account.  Log out and log back in.  You will be asked to initially verify your second type of authentication.

Choose your preferred option from below:

NB: You will find this link useful later as in the preview there doesn’t appear to be a link within the Office 365 interface:

• https://account.activedirectory.windowsazure.com/proofup.aspx

Even though it is Windows Azure based, login with your Office 365 account details.

That is it.  You are setup and working.

Preview documentation is available on TechNet here:

• http://technet.microsoft.com/en-us/library/dn249471.aspx

If you would like to use ADFS, take a look at the links above and perhaps contact your favourite Microsoft partner (hint: CPS (http://www.cps.co.uk) to help you out.

Ok, v.long post today but hopefully you will all find it useful.  Till the next time…

via SharePoint (and Project Server) Shenanigans http://spandps.com/2013/08/13/office365-two-factor-authentication-preview-phone-factor-o365/

Giles Hamson has been working with collaboration technologies since 2001 and has been implementing SharePoint solutions from 2004; starting with SharePoint Portal Server 2003 whilst working in the Microsoft Dynamics division in Reading, UK. Giles has worked in multiple roles throughout his career working as a business analyst, moving into system analysis and development roles. After gaining experience across Linux, Solaris and Microsoft disciplines, Giles moved into consultancy within the education market creating learning platform solutions based on SharePoint and integration with 3rd party vendors. After several successful implementations Giles moved into consultancy in SharePoint and Project Server across multiple industry verticals. This article has been cross posted from www.spandps.com (original article)