Archive
#Office365 Two Factor Authentication (Preview) (Phone Factor) #O365
So I am about to embark on a client who is interested in two factor authentication in their existing Office 365 environment.
With the speed Microsoft is going at these days, surely there is a solution to this and speaking to some contacts with Oliver Stickley, Microsoft helped us out.
What is Two Factor Authentication?
Single factor authentication is via a single method such as a Username and Password.
Two Factor Authentication adds an extra measure into the mix to ensure that you are who you say you are. This could be an RSA Security Key or more recently the market is shifting towards using mobile phones as the security key with the use of automated phone calls, text messaging (SMS) or mobile apps.
The Solution
In October 2012, Microsoft acquired a company called PhoneFactor (more info) which has been developing two factor authentication solutions in the cloud for a while now and recently the capabilities have been added to Office 365 in the form of a preview which is free to try for Administrators.
NB: Please be aware that this is currently in preview, so they are still working out the kinks, pricing model, release schedules etc..
Given that we are in preview, not everything will be perfect, but there is still options that you can try out now assuming you have an Enterprise plan.
Three options are available:
- Cloud Identity
- Directory & Password Synchronisation
- Federated Identity (ADFS)
- The various pros and cons of each option are described below in the video presentation.
NB: I can confirm that this is not available on the P1/P2 plans but unsure about the small business plans.
How does it work?
As part of my research I came across this excellent presentation from Microsoft Consulting Services which goes into detail about how the solution works.
Ignite Webcast – Understanding Identities and Single Sign On
NB: Please note that some limitations exist with non-ADFS setups and local client software (Outlook, Office etc.). (it is a preview after all)
2nd Factor Authentication Options
So we know what two factor authentication is all about and we have seen how it is likely to work within Office 365, lets explore the options we have available to us:
Phone Call & SMS
Using any mobile phone (smart, non-smart or event an office phone), you can log-in with an automated phone call from Microsoft or an SMS Text Message which provides and authentication code.
Mobile App – Windows Phone 7 & 8
If you don’t have phone signal, then you can use generated no. authentication methods via a mobile app. Microsoft of course support their own platforms
 |
 |
- Release Details: PhoneFactor Extends Comprehensive Line of Authentication Solutions with App for Windows Phone
- App Download Link: http://www.windowsphone.com/en-gb/store/app/multi-factor-auth/0a9691de-c0a1-44ee-ab96-6807f8322bd1
- NB: Apps were originally called PhoneFactor but are now called Active Authentication
- Name Change Details: PhoneFactor Becomes Windows Azure Active Authentication
Mobile App – iOS / Android
The mobile app is also available for iOS and Android as well which pretty much covers most of the mobile market. Search for Active Authentication from the Microsoft Corporation or use the links provided below.
iPhone Screens:
 |
 |
 |
iOS (iPhone / iPad) App Download: https://itunes.apple.com/gb/app/active-authentication/id475844606?mt=8
Android Screens:
 |
 |
Android App Download: https://play.google.com/store/apps/details?id=com.phonefactor.phonefactor&hl=en
That’s great, how do I get started?
Excellent question, it’s available in your Office 365 admin panel right now and is incredibly easy to setup without ADFS…
Login to your Office 365 admin portal, click Users and Groups:
Click the set up link shown above.
Now select the name you want to use two factor authentication with and click enable.
Please keep at least one admin account with single factor authentication whilst you are using this preview version.
NB: Admins are free to use the capability, standard users require a license.
Once you have turned it on against your admin user account. Log out and log back in. You will be asked to initially verify your second type of authentication.
Choose your preferred option from below:
NB: You will find this link useful later as in the preview there doesn’t appear to be a link within the Office 365 interface:
Even though it is Windows Azure based, login with your Office 365 account details.
That is it. You are setup and working.
Preview documentation is available on TechNet here:
- If you would like to use ADFS, take a look at the links above and perhaps contact your favourite Microsoft partner (hint: CPS (http://www.cps.co.uk) to help you out.
- Ok, v.long post today but hopefully you will all find it useful. Till the next time…
Timesheet Managers in Project Server 2013
Quick Recap
One of the new features in Project Server 2013 was to do with Timesheet Managers – i.e. those that approve timesheets. In previous versions of Project Server, this was controlled via the “Accept Timesheets” permission, but the functionality has now been split out into a new section under Server Settings (PWA Settings if you haven’t added Server Settings to the Quick Launch).
Here’s the old 2010 group permissions:
And the new 2013 group permissions:
There are a couple of other permissions missing from the group permissions in 2013, but I won’t cover those in this post.
The Technet article about permissions for 2013 appears to be out of date (still listing the ‘Accept Timesheets’ permission), but it works as a good overview of the permissions required:
http://technet.microsoft.com/en-us/library/cc197631(v=office.15).aspx
Setting Permissions
There are two methods for timesheet approval within Project Server 2013 – fixed approval, which will turn timesheets in to the resource’s designated timesheet manager, or non-fixed approval, which allows the resource to choose the next approver for the timesheet. This method allows for the approval chains that were available in Project Server 2010.
To set up fixed approval routing – navigate to Server Settings > Timesheet Settings and Defaults and make sure you have checked the ‘Fixed Approval Routing’ option:
When submitting a timesheet with this mode on, the submission screen will look like this:
Disabling fixed approval routing will cause the timesheet submission screen to prompt for the next approver for the timesheet:
Timesheet Managers
OK, so how do people appear in the list of approvers for timesheets? Well, there’s a new menu option in Project Server 2013 under Server Settings > Timesheet Managers:
Simply add users to this list by clicking “Add Manager:
Setting up Multiple Approvers
If you wanted to set up an approval chain so that you have, in effect, timesheet reviewers who then forward the timesheet on for approval, this is done via permissions. Because this is a category permission, you could control which groups of users’ timesheets can be approved or not. This might be useful if you wanted only a subset of resources to review timesheets for another set of resources. This could be useful for reviewing contractor timesheets, for example.
Against the group that you want to have as timesheet reviewers, make sure that the ‘Approve Timesheets’ permission is NOT set for the relevant category. In my example below, this group could approve timesheets for all current and future resources (from the My Organization category).
The above settings would make this group of users able to review all timesheets in Project Server, assuming they have been selected as the approver if you have not turned on fixed approval routing.
Note: There does appear to be a small bug with the label when using multiple timesheet approvers at the minute. This will manifest as the following:
The text says <% <%$Resources:PWA,ADMIN_ADDMODIFYUSER_BROWSE%>>
Nothing to worry about, just a label bug 
Project Server Start Date Reporting Quirk
I came across a little possible pitfall while generating some reporting for a client, which I thought I should share with the community.
In Microsoft Project, the Start Date in Project Information defaults to the Start Date of the first task in the plan.
Obviously this can be changed in the Project Information so that the Start Date of the Project does not necessarily reflect the Start of the first task in the plan, or the Project Summary task.
So which date does appears in the reporting database? Well, here are the results:
From the MSP_EpmProject_UserView view in the reporting database
As you can see, the date from the MSP_EpmProject_UserView displays whatever is set in the Project Information. This might cause some unexpected information in reports, so we need to expand our query to include the date from the Project Summary task:
So, when writing the specifications for your reports, make sure you’re clear which date the client wants – it’s not unheard of having a plan created a few months in advance of the work being realistically scheduled which might cause this confusion!
Obviously the clear process-driven workaround is to have your Project Managers ensure that the Start Date in Project Information is updated when scheduling the project!
OLAP Cube Error – Cannot process the Project custom field
Just a quick note to let you know about an error I came across today.
In Project Server 2010, I had a field called “Objective”. This was associated with a lookup table of the same name, which was single-value select. This field was added to the Project OLAP cube, which built successfully. So far so good!
I then changed the field type to multi-select, and left the cube to build overnight. Came back the next day to a failed OLAP build. The exact error I got in the queue was this:
- CBS message processor failed:
- CBSMetadataProcessingFailure (17005) – InitCustomFieldDimensions cannot process the Project custom field ‘Objective’. Details: id=’17005′ name=’CBSMetadataProcessingFailure’ uid=’c69b0459-5d1f-4d78-a410-f56cd32eca97′ QueueMessageBody=’Setting UID=00007829-4392-48b3-b533-5a5a4797e3c9 ASServerName=<SQLServer> ASDBName=OLAPCube ASExtraNetAddress= RangeChoice=0 PastNum=1 PastUnit=0 NextNum=1 NextUnit=0 FromDate=10/30/2012 00:00:00 ToDate=10/30/2012 00:00:00 HighPriority=True’ Error=’InitCustomFieldDimensions cannot process the Project custom field ‘Objective”.
Hmmm…OK, must be the change I made to the field. I need this field to be multi-value, but I don’t necessarily need it in the cube for reporting. So, I went to remove the field from the cube but it wasn’t listed. Weird. I thought re-saving the OLAP configuration and re-building it would just flush out the field since it was no longer listed in the cube configuration. I got the same error in the queue again.
The only fix I found for this was to re-create the OLAP cube with all of the same settings as previously, minus the “Objective” field, which I couldn’t add anyway as multi-value fields aren’t available to add to the cube.
Hope this helps you out if you come across this error in the future.
Lester
Edit: it seems that this was a known issue back in 2011, which hasn’t yet been fixed. More info on Brian Smith’s blog here: http://blogs.msdn.com/b/brismith/archive/2011/02/04/project-server-2010-take-care-changing-custom-fields-to-allow-multiple-values.aspx
Hiding tasks from the Gantt Chart
Have you ever wanted to hide tasks from the Gantt Chart? The following technique is useful for tidying up a schedule – for example, if you want to show only pertinent Gantt information for a presentation, or take a screenshot of a plan for a client that contains some internal tasks.
To hide individual bars in the Gantt display, simply insert the “Hide Bar” field and set it to “Yes” for the requisite tasks:
After hiding:
You’ll notice that all incoming dependencies for the hidden bar are also hidden, so take care when looking at your predecessor/successor logic!
Lester
Showing/hiding items from the Gantt Chart
A useful little nugget about Microsoft Project that came in handy the other day is showing or hiding items from your Gantt chart. It’s as simple as this:
In Microsoft Project right-click in the Gantt Chart and select “Gridlines”:
To show, for example the Current Date on your Gantt, select “Current Date” and change the line type from blank to any other line style. Change the colour if required, then click “OK”.
My example here is showing the Status Date as a red line, and the Current Date as a blue line:
#SharePoint Integration Mode and no Data Driven Subscriptions #SP2013 #SP2010 #SSRS
Just come back after the New Year and was posed with an interesting problem.
SharePoint 2010, SSRS in integration mode but under the manage subscriptions link within a report, the Add Data Driven Subscription button was missing from the screen.
So after some googling / binging around, I found that the answer was because we were using SQL Server 2008 Standard and Data Driver Subscriptions require the Enterprise version of SQL Server.
Anyway, just a quick post in case I forget in future. Useful links below:
- SSRS Feature Support – Integration Mode: http://msdn.microsoft.com/en-us/library/bb326290(v=sql.100).aspx
- How to use Data Driven Subscriptions within SharePoint: http://blogs.devhorizon.com/reza/2008/10/26/ssrsdata-driven-subscriptions-in-integrated-mode-part-1/
- Required versions for Data Driven Subscription support: http://msdn.microsoft.com/en-us/library/ms159150(v=sql.100).aspx
Although in this scenario I am talking about SQL Server 2008, the same is true of SQL Server 2008 R2. In SQL Server 2012, Enterprise or Business Intelligence editions are required:
Traffic light indicators for schedule
One query that we receive a lot from our clients is about setting up automatic traffic light (or RAG) indicators for their project schedule. This is a very well documented request, but a recent client wanted a slight variation – the project schedule indicator to have its tolerance based on a percentage, instead of a hard-coded value. The following formula solves this issue:
IIf([Baseline Duration]=0,"No Baseline",
Switch([Baseline Start]=ProjDateValue(‘NA’) Or [Baseline Finish]=ProjDateValue(‘NA’),"No baseline",
[Duration Variance]<=0,"On schedule",
[Duration]/[Minutes per day]>([Tolerance for schedule in percent]/100)+([Baseline Duration]/[Minutes Per Day]),"Outside tolerance",
[Duration]/[Minutes per day]<=([Tolerance for schedule in percent]/100)+([Baseline Duration]/[Minutes Per Day]),"Within tolerance"
))
This is for the task schedule RAG, and will return values based on a number field called “Tolerance for schedule in Percent” to indicate whether the task duration has increased beyond its allowed tolerance.
You will also need to set up RAG graphical indicators for this field as well, with the following values, as per the screenshot below:
No baseline = Question Mark
On schedule = Green
Within tolerance = Amber
Outside tolerance = Red
Of course, your indicators could be different to those that I have chosen, as well as the text. Just make sure to update the formula if you want to change the returned text.
Hopefully this will shorten your chin-scratching time when attempting to do something similar!
Lester
#SPSUK slides: Transitioning from #SP2013 to #PS2013 for #EPM #MSProject #SharePoint
Thank to all those who attend my presentation yesterday at SharePoint Saturday UK 2012. There were lots of questions throughout and a thoroughly engaged audience.
Presentation Slides
The slides are now uploaded here: http://www.slideshare.net/Ghamson/cps-transitioning-from-sharepoint-to-project-server-2013-for-enterprise-project-management
Via PowerPoint (Office Web Apps / SkyDrive)
Video Demonstration
I also created a video of the demonstration of the day. This is embedded as part of the presentation and is also available here:
Transitioning from #SP2013 to #PS2013 for Enterprise Project Management #SPSUK #MSProject #SharePoint
Just a quick note to say that I will be presenting at SharePoint Saturday UK on December 8th 2012 on:
Project Site to Project Management
Transitioning from SharePoint to Project Server for Enterprise Project Management
Session Objectives:
After attending this session you will understand the different tools for Project Management offered with SharePoint and Project Server, including the advantages / disadvantages of each method.
In addition you will also takeaway:
- A high level understanding of how SharePoint / Project Server work together
- The benefits of enterprise project management
- Project management maturity expectations as solutions become more complex
Agenda:
- What’s Project Server / Project Online
- Understanding Project Maturity
- Supporting Tools
- Transition – Simple to Complex
- Demo
- Decisions – Where to start?
- Conclusion
Where, When, How?
- Conference: SharePoint Saturday UK 2012
- Location: Nottingham
- Date: Saturday, 8 December 2012
- Conference Times: 09:00 to 17:00 (GMT)
- Presentation Time: 13:30 to 14:30
- Presenter: Giles Hamson
- Full Address:
East Midlands Conference Centre
University Park
NG7 2RJ Nottingham
United Kingdom
If you see me during the day, say hello and I hope you all enjoy the conference.
SharePoint (and Project Server) Shenanigans 
You must be logged in to post a comment.