#Office365 Two Factor Authentication (Preview) (Phone Factor) #O365
So I am about to embark on a client who is interested in two factor authentication in their existing Office 365 environment.
What is Two Factor Authentication?
Single factor authentication is via a single method such as a Username and Password.
Two Factor Authentication adds an extra measure into the mix to ensure that you are who you say you are. This could be an RSA Security Key or more recently the market is shifting towards using mobile phones as the security key with the use of automated phone calls, text messaging (SMS) or mobile apps.
In October 2012, Microsoft acquired a company called PhoneFactor (more info) which has been developing two factor authentication solutions in the cloud for a while now and recently the capabilities have been added to Office 365 in the form of a preview which is free to try for Administrators.
NB: Please be aware that this is currently in preview, so they are still working out the kinks, pricing model, release schedules etc..
Given that we are in preview, not everything will be perfect, but there is still options that you can try out now assuming you have an Enterprise plan.
Three options are available:
- The various pros and cons of each option are described below in the video presentation.
NB: I can confirm that this is not available on the P1/P2 plans but unsure about the small business plans.
How does it work?
As part of my research I came across this excellent presentation from Microsoft Consulting Services which goes into detail about how the solution works.
NB: Please note that some limitations exist with non-ADFS setups and local client software (Outlook, Office etc.). (it is a preview after all)
2nd Factor Authentication Options
So we know what two factor authentication is all about and we have seen how it is likely to work within Office 365, lets explore the options we have available to us:
Phone Call & SMS
Using any mobile phone (smart, non-smart or event an office phone), you can log-in with an automated phone call from Microsoft or an SMS Text Message which provides and authentication code.
Mobile App – Windows Phone 7 & 8
If you don’t have phone signal, then you can use generated no. authentication methods via a mobile app. Microsoft of course support their own platforms
- Release Details: PhoneFactor Extends Comprehensive Line of Authentication Solutions with App for Windows Phone
- App Download Link: http://www.windowsphone.com/en-gb/store/app/multi-factor-auth/0a9691de-c0a1-44ee-ab96-6807f8322bd1
- NB: Apps were originally called PhoneFactor but are now called Active Authentication
- Name Change Details: PhoneFactor Becomes Windows Azure Active Authentication
Mobile App – iOS / Android
The mobile app is also available for iOS and Android as well which pretty much covers most of the mobile market. Search for Active Authentication from the Microsoft Corporation or use the links provided below.
iOS (iPhone / iPad) App Download: https://itunes.apple.com/gb/app/active-authentication/id475844606?mt=8
Android App Download: https://play.google.com/store/apps/details?id=com.phonefactor.phonefactor&hl=en
That’s great, how do I get started?
Excellent question, it’s available in your Office 365 admin panel right now and is incredibly easy to setup without ADFS…
Login to your Office 365 admin portal, click Users and Groups:
Click the set up link shown above.
Now select the name you want to use two factor authentication with and click enable.
Please keep at least one admin account with single factor authentication whilst you are using this preview version.
NB: Admins are free to use the capability, standard users require a license.
Once you have turned it on against your admin user account. Log out and log back in. You will be asked to initially verify your second type of authentication.
Choose your preferred option from below:
NB: You will find this link useful later as in the preview there doesn’t appear to be a link within the Office 365 interface:
Even though it is Windows Azure based, login with your Office 365 account details.
That is it. You are setup and working.
Preview documentation is available on TechNet here:
- If you would like to use ADFS, take a look at the links above and perhaps contact your favourite Microsoft partner (hint: CPS (http://www.cps.co.uk) to help you out.
- Ok, v.long post today but hopefully you will all find it useful. Till the next time…