Archive

Archive for the ‘CPS Cross Post’ Category

#Office365 Two Factor Authentication (Preview) (Phone Factor) #O365

August 13, 2013 1 comment

So I am about to embark on a client who is interested in two factor authentication in their existing Office 365 environment.

Oliver StickleyWith the speed Microsoft is going at these days, surely there is a solution to this and speaking to some contacts with Oliver Stickley, Microsoft helped us out.

What is Two Factor Authentication?

Single factor authentication is via a single method such as a Username and Password.

Two Factor Authentication adds an extra measure into the mix to ensure that you are who you say you are.  This could be an RSA Security Key or more recently the market is shifting towards using mobile phones as the security key with the use of automated phone calls, text messaging (SMS) or mobile apps.

The Solution

In October 2012, Microsoft acquired a company called PhoneFactor (more info) which has been developing two factor authentication solutions in the cloud for a while now and recently the capabilities have been added to Office 365 in the form of a preview which is free to try for Administrators.

NB: Please be aware that this is currently in preview, so they are still working out the kinks, pricing model, release schedules etc..

Given that we are in preview, not everything will be perfect, but there is still options that you can try out now assuming you have an Enterprise plan.

Three options are available:

  • Cloud IdentityOffice 365
  • Directory & Password Synchronisation
  • Federated Identity (ADFS)
    The various pros and cons of each option are described below in the video presentation.

NB: I can confirm that this is not available on the P1/P2 plans but unsure about the small business plans.

How does it work?

As part of my research I came across this excellent presentation from Microsoft Consulting Services which goes into detail about how the solution works.

Understanding Identities and Single Sign On.

 

Powerpoint-2013

Ignite Webcast – Understanding Identities and Single Sign On 

NB:   Please note that some limitations exist with non-ADFS setups and local client software (Outlook, Office etc.).  (it is a preview after all)

Original Source: http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2013/02/07/understand-identities-and-single-sign-on-with-our-upcomoing-ignite-webcast.aspx

2nd Factor Authentication Options

So we know what two factor authentication is all about and we have seen how it is likely to work within Office 365, lets explore the options we have available to us:

Phone Call & SMS

Using any mobile phone (smart, non-smart or event an office phone), you can log-in with an automated phone call from Microsoft or an SMS Text Message which provides and authentication code.

image

Mobile App – Windows Phone 7 & 8

If you don’t have phone signal, then you can use generated no. authentication methods via a mobile app.  Microsoft of course support their own platforms

0c787737-55ad-4991-81af-c887758fe456 b675cbdd-f4f5-42c6-971c-1d5f8b61ab61

Mobile App – iOS / Android

The mobile app is also available for iOS and Android as well which pretty much covers most of the mobile market.  Search for Active Authentication from the Microsoft Corporation or use the links provided below.

iPhone Screens:

screen568x568 screen568x568 (1) screen568x568 (2)
Demonstration:
 
Before the Microsoft re-brand iOS demonstration

iOS (iPhone / iPad) App Download: https://itunes.apple.com/gb/app/active-authentication/id475844606?mt=8

Android Screens:

android1 Android2

Android App Download: https://play.google.com/store/apps/details?id=com.phonefactor.phonefactor&hl=en

 

That’s great, how do I get started?

Excellent question, it’s available in your Office 365 admin panel right now and is incredibly easy to setup without ADFS…

Login to your Office 365 admin portal, click Users and Groups:

image

Click the set up link shown above.

Now select the name you want to use two factor authentication with and click enable.

image

Please keep at least one admin account with single factor authentication whilst you are using this preview version.

NB: Admins are free to use the capability, standard users require a license.

Once you have turned it on against your admin user account.  Log out and log back in.  You will be asked to initially verify your second type of authentication.

Choose your preferred option from below:

image

NB: You will find this link useful later as in the preview there doesn’t appear to be a link within the Office 365 interface:

Even though it is Windows Azure based, login with your Office 365 account details.

That is it.  You are setup and working.

Preview documentation is available on TechNet here:

    If you would like to use ADFS, take a look at the links above and perhaps contact your favourite Microsoft partner (hint: CPS (http://www.cps.co.uk) to help you out.
    Ok, v.long post today but hopefully you will all find it useful.  Till the next time…
    Advertisements

    Timesheet Managers in Project Server 2013

    July 29, 2013 2 comments

    Quick Recap

    One of the new features in Project Server 2013 was to do with Timesheet Managers – i.e. those that approve timesheets. In previous versions of Project Server, this was controlled via the “Accept Timesheets” permission, but the functionality has now been split out into a new section under Server Settings (PWA Settings if you haven’t added Server Settings to the Quick Launch).

     

    Here’s the old 2010 group permissions:

    image

    And the new 2013 group permissions:

    image

    There are a couple of other permissions missing from the group permissions in 2013, but I won’t cover those in this post.

    The Technet article about permissions for 2013 appears to be out of date (still listing the ‘Accept Timesheets’ permission), but it works as a good overview of the permissions required:

    http://technet.microsoft.com/en-us/library/cc197631(v=office.15).aspx

    Setting Permissions

    There are two methods for timesheet approval within Project Server 2013 – fixed approval, which will turn timesheets in to the resource’s designated timesheet manager, or non-fixed approval, which allows the resource to choose the next approver for the timesheet. This method allows for the approval chains that were available in Project Server 2010.

     

    To set up fixed approval routing – navigate to Server Settings > Timesheet Settings and Defaults and make sure you have checked the ‘Fixed Approval Routing’ option:

    image

    When submitting a timesheet with this mode on, the submission screen will look like this:

    image

     

    Disabling fixed approval routing will cause the timesheet submission screen to prompt for the next approver for the timesheet:

    image

     

    Timesheet Managers

    OK, so how do people appear in the list of approvers for timesheets? Well, there’s a new menu option in Project Server 2013 under Server Settings > Timesheet Managers:

    image

    Simply add users to this list by clicking “Add Manager:

    image

     

    Setting up Multiple Approvers

    If you wanted to set up an approval chain so that you have, in effect, timesheet reviewers who then forward the timesheet on for approval, this is done via permissions. Because this is a category permission, you could control which groups of users’ timesheets can be approved or not. This might be useful if you wanted only a subset of resources to review timesheets for another set of resources. This could be useful for reviewing contractor timesheets, for example.

    Against the group that you want to have as timesheet reviewers, make sure that the ‘Approve Timesheets’ permission is NOT set for the relevant category. In my example below, this group could approve timesheets for all current and future resources (from the My Organization category).

    image

    The above settings would make this group of users able to review all timesheets in Project Server, assuming they have been selected as the approver if you have not turned on fixed approval routing.

     

    Note: There does appear to be a small bug with the label when using multiple timesheet approvers at the minute. This will manifest as the following:

    image

    The text says <% <%$Resources:PWA,ADMIN_ADDMODIFYUSER_BROWSE%>>

    Nothing to worry about, just a label bug Smile

    Project Server Start Date Reporting Quirk

    July 11, 2013 1 comment

    I came across a little possible pitfall while generating some reporting for a client, which I thought I should share with the community.

     

    In Microsoft Project, the Start Date in Project Information defaults to the Start Date of the first task in the plan.

    image

    Obviously this can be changed in the Project Information so that the Start Date of the Project does not necessarily reflect the Start of the first task in the plan, or the Project Summary task.

    image

    So which date does appears in the reporting database? Well, here are the results:

    From the MSP_EpmProject_UserView view in the reporting database

    image

    As you can see, the date from the MSP_EpmProject_UserView displays whatever is set in the Project Information. This might cause some unexpected information in reports, so we need to expand our query to include the date from the Project Summary task:

    image

    So, when writing the specifications for your reports, make sure you’re clear which date the client wants – it’s not unheard of having a plan created a few months in advance of the work being realistically scheduled which might cause this confusion!

    Obviously the clear process-driven workaround is to have your Project Managers ensure that the Start Date in Project Information is updated when scheduling the project!

    OLAP Cube Error – Cannot process the Project custom field

    June 27, 2013 1 comment

    Just a quick note to let you know about an error I came across today.

    In Project Server 2010, I had a field called “Objective”. This was associated with a lookup table of the same name, which was single-value select. This field was added to the Project OLAP cube, which built successfully. So far so good!

    I then changed the field type to multi-select, and left the cube to build overnight. Came back the next day to a failed OLAP build. The exact error I got in the queue was this:

    • CBS message processor failed:
    • CBSMetadataProcessingFailure (17005) – InitCustomFieldDimensions cannot process the Project custom field ‘Objective’. Details: id=’17005′ name=’CBSMetadataProcessingFailure’ uid=’c69b0459-5d1f-4d78-a410-f56cd32eca97′ QueueMessageBody=’Setting UID=00007829-4392-48b3-b533-5a5a4797e3c9 ASServerName=<SQLServer> ASDBName=OLAPCube ASExtraNetAddress= RangeChoice=0 PastNum=1 PastUnit=0 NextNum=1 NextUnit=0 FromDate=10/30/2012 00:00:00 ToDate=10/30/2012 00:00:00 HighPriority=True’ Error=’InitCustomFieldDimensions cannot process the Project custom field ‘Objective”.

    Hmmm…OK, must be the change I made to the field. I need this field to be multi-value, but I don’t necessarily need it in the cube for reporting. So, I went to remove the field from the cube but it wasn’t listed. Weird. I thought re-saving the OLAP configuration and re-building it would just flush out the field since it was no longer listed in the cube configuration. I got the same error in the queue again.

    The only fix I found for this was to re-create the OLAP cube with all of the same settings as previously, minus the “Objective” field, which I couldn’t add anyway as multi-value fields aren’t available to add to the cube.

    Hope this helps you out if you come across this error in the future.

    Lester

    Edit: it seems that this was a known issue back in 2011, which hasn’t yet been fixed. More info on Brian Smith’s blog here: http://blogs.msdn.com/b/brismith/archive/2011/02/04/project-server-2010-take-care-changing-custom-fields-to-allow-multiple-values.aspx

    Hiding tasks from the Gantt Chart

    January 21, 2013 1 comment

    Have you ever wanted to hide tasks from the Gantt Chart? The following technique is useful for tidying up a schedule – for example, if you want to show only pertinent Gantt information for a presentation, or take a screenshot of a plan for a client that contains some internal tasks.

    To hide individual bars in the Gantt display, simply insert the “Hide Bar” field and set it to “Yes” for the requisite tasks:

    image

    After hiding:

    image

    You’ll notice that all incoming dependencies for the hidden bar are also hidden, so take care when looking at your predecessor/successor logic!

    Lester

    Showing/hiding items from the Gantt Chart

    January 10, 2013 1 comment

    A useful little nugget about Microsoft Project that came in handy the other day is showing or hiding items from your Gantt chart. It’s as simple as this:

    In Microsoft Project right-click in the Gantt Chart and select “Gridlines”:

    image

    To show, for example the Current Date on your Gantt, select “Current Date” and change the line type from blank to any other line style. Change the colour if required, then click “OK”.

    My example here is showing the Status Date as a red line, and the Current Date as a blue line:

    image

    #SharePoint Integration Mode and no Data Driven Subscriptions #SP2013 #SP2010 #SSRS

    January 7, 2013 2 comments

    Just come back after the New Year and was posed with an interesting problem.

    SharePoint 2010, SSRS in integration mode but under the manage subscriptions link within a report, the Add Data Driven Subscription button was missing from the screen.

    image

    So after some googling / binging around, I found that the answer was because we were using SQL Server 2008 Standard and Data Driver Subscriptions require the Enterprise version of SQL Server.

    Anyway, just a quick post in case I forget in future.  Useful links below:

    Although in this scenario I am talking about SQL Server 2008, the same is true of SQL Server 2008 R2.  In SQL Server 2012, Enterprise or Business Intelligence editions are required:

    %d bloggers like this: