Archive for the ‘CPS Cross Post’ Category

#Office365 Two Factor Authentication (Preview) (Phone Factor) #O365

August 13, 2013 1 comment

So I am about to embark on a client who is interested in two factor authentication in their existing Office 365 environment.

Oliver StickleyWith the speed Microsoft is going at these days, surely there is a solution to this and speaking to some contacts with Oliver Stickley, Microsoft helped us out.

What is Two Factor Authentication?

Single factor authentication is via a single method such as a Username and Password.

Two Factor Authentication adds an extra measure into the mix to ensure that you are who you say you are.  This could be an RSA Security Key or more recently the market is shifting towards using mobile phones as the security key with the use of automated phone calls, text messaging (SMS) or mobile apps.

The Solution

In October 2012, Microsoft acquired a company called PhoneFactor (more info) which has been developing two factor authentication solutions in the cloud for a while now and recently the capabilities have been added to Office 365 in the form of a preview which is free to try for Administrators.

NB: Please be aware that this is currently in preview, so they are still working out the kinks, pricing model, release schedules etc..

Given that we are in preview, not everything will be perfect, but there is still options that you can try out now assuming you have an Enterprise plan.

Three options are available:

  • Cloud IdentityOffice 365
  • Directory & Password Synchronisation
  • Federated Identity (ADFS)
    The various pros and cons of each option are described below in the video presentation.

NB: I can confirm that this is not available on the P1/P2 plans but unsure about the small business plans.

How does it work?

As part of my research I came across this excellent presentation from Microsoft Consulting Services which goes into detail about how the solution works.

Understanding Identities and Single Sign On.



Ignite Webcast – Understanding Identities and Single Sign On 

NB:   Please note that some limitations exist with non-ADFS setups and local client software (Outlook, Office etc.).  (it is a preview after all)

Original Source:

2nd Factor Authentication Options

So we know what two factor authentication is all about and we have seen how it is likely to work within Office 365, lets explore the options we have available to us:

Phone Call & SMS

Using any mobile phone (smart, non-smart or event an office phone), you can log-in with an automated phone call from Microsoft or an SMS Text Message which provides and authentication code.


Mobile App – Windows Phone 7 & 8

If you don’t have phone signal, then you can use generated no. authentication methods via a mobile app.  Microsoft of course support their own platforms

0c787737-55ad-4991-81af-c887758fe456 b675cbdd-f4f5-42c6-971c-1d5f8b61ab61

Mobile App – iOS / Android

The mobile app is also available for iOS and Android as well which pretty much covers most of the mobile market.  Search for Active Authentication from the Microsoft Corporation or use the links provided below.

iPhone Screens:

screen568x568 screen568x568 (1) screen568x568 (2)
Before the Microsoft re-brand iOS demonstration

iOS (iPhone / iPad) App Download:

Android Screens:

android1 Android2

Android App Download:


That’s great, how do I get started?

Excellent question, it’s available in your Office 365 admin panel right now and is incredibly easy to setup without ADFS…

Login to your Office 365 admin portal, click Users and Groups:


Click the set up link shown above.

Now select the name you want to use two factor authentication with and click enable.


Please keep at least one admin account with single factor authentication whilst you are using this preview version.

NB: Admins are free to use the capability, standard users require a license.

Once you have turned it on against your admin user account.  Log out and log back in.  You will be asked to initially verify your second type of authentication.

Choose your preferred option from below:


NB: You will find this link useful later as in the preview there doesn’t appear to be a link within the Office 365 interface:

Even though it is Windows Azure based, login with your Office 365 account details.

That is it.  You are setup and working.

Preview documentation is available on TechNet here:

    If you would like to use ADFS, take a look at the links above and perhaps contact your favourite Microsoft partner (hint: CPS ( to help you out.
    Ok, v.long post today but hopefully you will all find it useful.  Till the next time…

    Timesheet Managers in Project Server 2013

    July 29, 2013 2 comments

    Quick Recap

    One of the new features in Project Server 2013 was to do with Timesheet Managers – i.e. those that approve timesheets. In previous versions of Project Server, this was controlled via the “Accept Timesheets” permission, but the functionality has now been split out into a new section under Server Settings (PWA Settings if you haven’t added Server Settings to the Quick Launch).


    Here’s the old 2010 group permissions:


    And the new 2013 group permissions:


    There are a couple of other permissions missing from the group permissions in 2013, but I won’t cover those in this post.

    The Technet article about permissions for 2013 appears to be out of date (still listing the ‘Accept Timesheets’ permission), but it works as a good overview of the permissions required:

    Setting Permissions

    There are two methods for timesheet approval within Project Server 2013 – fixed approval, which will turn timesheets in to the resource’s designated timesheet manager, or non-fixed approval, which allows the resource to choose the next approver for the timesheet. This method allows for the approval chains that were available in Project Server 2010.


    To set up fixed approval routing – navigate to Server Settings > Timesheet Settings and Defaults and make sure you have checked the ‘Fixed Approval Routing’ option:


    When submitting a timesheet with this mode on, the submission screen will look like this:



    Disabling fixed approval routing will cause the timesheet submission screen to prompt for the next approver for the timesheet:



    Timesheet Managers

    OK, so how do people appear in the list of approvers for timesheets? Well, there’s a new menu option in Project Server 2013 under Server Settings > Timesheet Managers:


    Simply add users to this list by clicking “Add Manager:



    Setting up Multiple Approvers

    If you wanted to set up an approval chain so that you have, in effect, timesheet reviewers who then forward the timesheet on for approval, this is done via permissions. Because this is a category permission, you could control which groups of users’ timesheets can be approved or not. This might be useful if you wanted only a subset of resources to review timesheets for another set of resources. This could be useful for reviewing contractor timesheets, for example.

    Against the group that you want to have as timesheet reviewers, make sure that the ‘Approve Timesheets’ permission is NOT set for the relevant category. In my example below, this group could approve timesheets for all current and future resources (from the My Organization category).


    The above settings would make this group of users able to review all timesheets in Project Server, assuming they have been selected as the approver if you have not turned on fixed approval routing.


    Note: There does appear to be a small bug with the label when using multiple timesheet approvers at the minute. This will manifest as the following:


    The text says <% <%$Resources:PWA,ADMIN_ADDMODIFYUSER_BROWSE%>>

    Nothing to worry about, just a label bug Smile

    Project Server Start Date Reporting Quirk

    July 11, 2013 1 comment

    I came across a little possible pitfall while generating some reporting for a client, which I thought I should share with the community.


    In Microsoft Project, the Start Date in Project Information defaults to the Start Date of the first task in the plan.


    Obviously this can be changed in the Project Information so that the Start Date of the Project does not necessarily reflect the Start of the first task in the plan, or the Project Summary task.


    So which date does appears in the reporting database? Well, here are the results:

    From the MSP_EpmProject_UserView view in the reporting database


    As you can see, the date from the MSP_EpmProject_UserView displays whatever is set in the Project Information. This might cause some unexpected information in reports, so we need to expand our query to include the date from the Project Summary task:


    So, when writing the specifications for your reports, make sure you’re clear which date the client wants – it’s not unheard of having a plan created a few months in advance of the work being realistically scheduled which might cause this confusion!

    Obviously the clear process-driven workaround is to have your Project Managers ensure that the Start Date in Project Information is updated when scheduling the project!

    OLAP Cube Error – Cannot process the Project custom field

    June 27, 2013 1 comment

    Just a quick note to let you know about an error I came across today.

    In Project Server 2010, I had a field called “Objective”. This was associated with a lookup table of the same name, which was single-value select. This field was added to the Project OLAP cube, which built successfully. So far so good!

    I then changed the field type to multi-select, and left the cube to build overnight. Came back the next day to a failed OLAP build. The exact error I got in the queue was this:

    • CBS message processor failed:
    • CBSMetadataProcessingFailure (17005) – InitCustomFieldDimensions cannot process the Project custom field ‘Objective’. Details: id=’17005′ name=’CBSMetadataProcessingFailure’ uid=’c69b0459-5d1f-4d78-a410-f56cd32eca97′ QueueMessageBody=’Setting UID=00007829-4392-48b3-b533-5a5a4797e3c9 ASServerName=<SQLServer> ASDBName=OLAPCube ASExtraNetAddress= RangeChoice=0 PastNum=1 PastUnit=0 NextNum=1 NextUnit=0 FromDate=10/30/2012 00:00:00 ToDate=10/30/2012 00:00:00 HighPriority=True’ Error=’InitCustomFieldDimensions cannot process the Project custom field ‘Objective”.

    Hmmm…OK, must be the change I made to the field. I need this field to be multi-value, but I don’t necessarily need it in the cube for reporting. So, I went to remove the field from the cube but it wasn’t listed. Weird. I thought re-saving the OLAP configuration and re-building it would just flush out the field since it was no longer listed in the cube configuration. I got the same error in the queue again.

    The only fix I found for this was to re-create the OLAP cube with all of the same settings as previously, minus the “Objective” field, which I couldn’t add anyway as multi-value fields aren’t available to add to the cube.

    Hope this helps you out if you come across this error in the future.


    Edit: it seems that this was a known issue back in 2011, which hasn’t yet been fixed. More info on Brian Smith’s blog here:

    Hiding tasks from the Gantt Chart

    January 21, 2013 1 comment

    Have you ever wanted to hide tasks from the Gantt Chart? The following technique is useful for tidying up a schedule – for example, if you want to show only pertinent Gantt information for a presentation, or take a screenshot of a plan for a client that contains some internal tasks.

    To hide individual bars in the Gantt display, simply insert the “Hide Bar” field and set it to “Yes” for the requisite tasks:


    After hiding:


    You’ll notice that all incoming dependencies for the hidden bar are also hidden, so take care when looking at your predecessor/successor logic!


    Showing/hiding items from the Gantt Chart

    January 10, 2013 1 comment

    A useful little nugget about Microsoft Project that came in handy the other day is showing or hiding items from your Gantt chart. It’s as simple as this:

    In Microsoft Project right-click in the Gantt Chart and select “Gridlines”:


    To show, for example the Current Date on your Gantt, select “Current Date” and change the line type from blank to any other line style. Change the colour if required, then click “OK”.

    My example here is showing the Status Date as a red line, and the Current Date as a blue line:


    #SharePoint Integration Mode and no Data Driven Subscriptions #SP2013 #SP2010 #SSRS

    January 7, 2013 2 comments

    Just come back after the New Year and was posed with an interesting problem.

    SharePoint 2010, SSRS in integration mode but under the manage subscriptions link within a report, the Add Data Driven Subscription button was missing from the screen.


    So after some googling / binging around, I found that the answer was because we were using SQL Server 2008 Standard and Data Driver Subscriptions require the Enterprise version of SQL Server.

    Anyway, just a quick post in case I forget in future.  Useful links below:

    Although in this scenario I am talking about SQL Server 2008, the same is true of SQL Server 2008 R2.  In SQL Server 2012, Enterprise or Business Intelligence editions are required:

    Traffic light indicators for schedule

    January 2, 2013 3 comments

    One query that we receive a lot from our clients is about setting up automatic traffic light (or RAG) indicators for their project schedule. This is a very well documented request, but a recent client wanted a slight variation – the project schedule indicator to have its tolerance based on a percentage, instead of a hard-coded value. The following formula solves this issue:


    IIf([Baseline Duration]=0,"No Baseline",

    Switch([Baseline Start]=ProjDateValue(‘NA’) Or [Baseline Finish]=ProjDateValue(‘NA’),"No baseline",

    [Duration Variance]<=0,"On schedule",

    [Duration]/[Minutes per day]>([Tolerance for schedule in percent]/100)+([Baseline Duration]/[Minutes Per Day]),"Outside tolerance",

    [Duration]/[Minutes per day]<=([Tolerance for schedule in percent]/100)+([Baseline Duration]/[Minutes Per Day]),"Within tolerance"


    This is for the task schedule RAG, and will return values based on a number field called “Tolerance for schedule in Percent” to indicate whether the task duration has increased beyond its allowed tolerance.

    You will also need to set up RAG graphical indicators for this field as well, with the following values, as per the screenshot below:

    No baseline = Question Mark

    On schedule = Green

    Within tolerance = Amber

    Outside tolerance = Red


    Of course, your indicators could be different to those that I have chosen, as well as the text. Just make sure to update the formula if you want to change the returned text.

    Hopefully this will shorten your chin-scratching time when attempting to do something similar!


    #SPSUK slides: Transitioning from #SP2013 to #PS2013 for #EPM #MSProject #SharePoint

    December 9, 2012 Leave a comment

    Thank to all those who attend my presentation yesterday at SharePoint Saturday UK 2012.  There were lots of questions throughout and a thoroughly  engaged audience.


    Presentation Slides

    The slides are now uploaded here:



    Via PowerPoint (Office Web Apps / SkyDrive)



    Video Demonstration

    I also created a video of the demonstration of the day.  This is embedded as part of the presentation and is also available here:


    Transition steps from Simple to Complex in SharePoint / Project Server 2013

    Transitioning from #SP2013 to #PS2013 for Enterprise Project Management #SPSUK #MSProject #SharePoint

    November 30, 2012 3 comments

    Just a quick note to say that I will be presenting at SharePoint Saturday UK on December 8th 2012 on:

    Project Site to Project Management

    Transitioning from SharePoint to Project Server for Enterprise Project Management

    Video Title

    Session Objectives:

    After attending this session you will understand the different tools for Project Management offered with SharePoint and Project Server, including the advantages / disadvantages of each method.

    In addition you will also takeaway:

    • A high level understanding of how SharePoint / Project Server work together
    • The benefits of enterprise project management
    • Project management maturity expectations as solutions become more complex


    • What’s Project Server / Project Online
    • Understanding Project Maturity
    • Supporting Tools
    • Transition – Simple to Complex
    • Demo
    • Decisions – Where to start?
    • Conclusion

    Where, When, How?

    • Conference: SharePoint Saturday UK 2012
    • Location: Nottingham
    • Date: Saturday, 8 December 2012
    • Conference Times: 09:00 to 17:00 (GMT)
    • Presentation Time: 13:30 to 14:30
    • Presenter: Giles Hamson
    • Full Address:

    East Midlands Conference Centre
    University Park
    NG7 2RJ Nottingham
    United Kingdom

    If you see me during the day, say hello and I hope you all enjoy the conference.

    %d bloggers like this: