Home > CPS Cross Post, Giles Hamson, Work > #Office365 Two Factor Authentication (Preview) (Phone Factor) #O365

#Office365 Two Factor Authentication (Preview) (Phone Factor) #O365

So I am about to embark on a client who is interested in two factor authentication in their existing Office 365 environment.

Oliver StickleyWith the speed Microsoft is going at these days, surely there is a solution to this and speaking to some contacts with Oliver Stickley, Microsoft helped us out.

What is Two Factor Authentication?

Single factor authentication is via a single method such as a Username and Password.

Two Factor Authentication adds an extra measure into the mix to ensure that you are who you say you are.  This could be an RSA Security Key or more recently the market is shifting towards using mobile phones as the security key with the use of automated phone calls, text messaging (SMS) or mobile apps.

The Solution

In October 2012, Microsoft acquired a company called PhoneFactor (more info) which has been developing two factor authentication solutions in the cloud for a while now and recently the capabilities have been added to Office 365 in the form of a preview which is free to try for Administrators.

NB: Please be aware that this is currently in preview, so they are still working out the kinks, pricing model, release schedules etc..

Given that we are in preview, not everything will be perfect, but there is still options that you can try out now assuming you have an Enterprise plan.

Three options are available:

  • Cloud IdentityOffice 365
  • Directory & Password Synchronisation
  • Federated Identity (ADFS)
    The various pros and cons of each option are described below in the video presentation.

NB: I can confirm that this is not available on the P1/P2 plans but unsure about the small business plans.

How does it work?

As part of my research I came across this excellent presentation from Microsoft Consulting Services which goes into detail about how the solution works.

Understanding Identities and Single Sign On.

 

Powerpoint-2013

Ignite Webcast – Understanding Identities and Single Sign On 

NB:   Please note that some limitations exist with non-ADFS setups and local client software (Outlook, Office etc.).  (it is a preview after all)

Original Source: http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2013/02/07/understand-identities-and-single-sign-on-with-our-upcomoing-ignite-webcast.aspx

2nd Factor Authentication Options

So we know what two factor authentication is all about and we have seen how it is likely to work within Office 365, lets explore the options we have available to us:

Phone Call & SMS

Using any mobile phone (smart, non-smart or event an office phone), you can log-in with an automated phone call from Microsoft or an SMS Text Message which provides and authentication code.

image

Mobile App – Windows Phone 7 & 8

If you don’t have phone signal, then you can use generated no. authentication methods via a mobile app.  Microsoft of course support their own platforms

0c787737-55ad-4991-81af-c887758fe456 b675cbdd-f4f5-42c6-971c-1d5f8b61ab61

Mobile App – iOS / Android

The mobile app is also available for iOS and Android as well which pretty much covers most of the mobile market.  Search for Active Authentication from the Microsoft Corporation or use the links provided below.

iPhone Screens:

screen568x568 screen568x568 (1) screen568x568 (2)
Demonstration:
 
Before the Microsoft re-brand iOS demonstration

iOS (iPhone / iPad) App Download: https://itunes.apple.com/gb/app/active-authentication/id475844606?mt=8

Android Screens:

android1 Android2

Android App Download: https://play.google.com/store/apps/details?id=com.phonefactor.phonefactor&hl=en

 

That’s great, how do I get started?

Excellent question, it’s available in your Office 365 admin panel right now and is incredibly easy to setup without ADFS…

Login to your Office 365 admin portal, click Users and Groups:

image

Click the set up link shown above.

Now select the name you want to use two factor authentication with and click enable.

image

Please keep at least one admin account with single factor authentication whilst you are using this preview version.

NB: Admins are free to use the capability, standard users require a license.

Once you have turned it on against your admin user account.  Log out and log back in.  You will be asked to initially verify your second type of authentication.

Choose your preferred option from below:

image

NB: You will find this link useful later as in the preview there doesn’t appear to be a link within the Office 365 interface:

Even though it is Windows Azure based, login with your Office 365 account details.

That is it.  You are setup and working.

Preview documentation is available on TechNet here:

    If you would like to use ADFS, take a look at the links above and perhaps contact your favourite Microsoft partner (hint: CPS (http://www.cps.co.uk) to help you out.
    Ok, v.long post today but hopefully you will all find it useful.  Till the next time…
    Advertisements

    Leave a Reply

    Please log in using one of these methods to post your comment:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s

    %d bloggers like this: