| Following my previous post related to the availability of the multiple factors authentication preview for Office 365, here is an additional one to detail the management. Once you have enabled multi factors authentication (follow this post http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=524), you can manage additional settings such as viewing usage reports, download the SDK or configure blocked/bypassed user or fraud alert. Manage additional settings for multi factors authentication - Logon to the Windows Azure administration portal (https://manage.windowsazure.com) using an administrator account
- Go to the Active Directory from the left menu or or hit directly your multi factors authentication provider from the portal home page
 
- Once you have reached the multi factors authentication provider page, click on the Manage button shown at the bottom; NOTE this will open a new window/tab, so make sure you allowed windowsazure.com domain on your pop-up blocker
- Then you will reach the Windows Azure Authentication administration portal
- From there you can view usage report, configure some additional settings or download the SDK in order to develop Azure Application which will be able to use the multi factors authentication
Additional Settings - From the left menu, click on the Settings link below the Configure section
- From this settings page you can
- Define time outs before users has to retry his authentication process
- Enable/disable the fraud alert function which allows end-user to notify administrators of tentative to be authenticated on their behalf
- Lock user account after X consecutive authentication failed
Notifications - Click on the Notifications link from the left menu, below the Configure section
- This page allows you to define administrators email address to receive notification, such as from end-users notifying fraudulent authentication requests
Block/Unblock Users - By hitting the Block/Unblock option below the User Administration section from the left menu, you can enable/disable user account for multi factors authentication
- The One-Time Bypass allows administrators to define a temporary bypass for multi factors authentication; this is similar to the option to bypass physical token when you loose it or when the token is broken
|
| I just being notified that I have been awarded as Microsoft Community Contributor on Office 365 for my answers on Office 365 Community forums. 
|
| Microsoft has released a preview of the two factor authentication feature for Office 365, Windows Azure, Windows Intune or Dynamics CRM Online. Enable Two Factors Authentication - Sign in to Windows Azure (https://manage.windowsazure.com/) with an administrator account
- Go to the Active Directory section from the left and choose Active Auth Providers
- Then create a new Active Authentication Provider
- Directory: allows you to link with your Active Directory
- The new provider is now created and appear in the providers list
- You can NOT change the Usage Model but you can change the subscription and the directory associated by hitting the provider name
Enable Users to use Two Factors Authentication - Go to the Active Directory section from the left and choose Directory and select the Active Directory tenant
- Select the user for which you want to enable Two Factors Authentication, scroll down to the Role section which propose the option Require Multi-Factor Authentication
NOTE once enabled, the user will not be able to sign-in to non-browser clients like Outlook, Lync or PowerShell 
- Next time the user will logon, he will be asked to choose one of the multi-factor authentication methods
- App Notification – Use the Active Authentication smart phone app
- App One-time password (OTP) – Use a One-time Password with their Active Authentication smart phone app
- Phone Call – A phone call to their mobile or landline phone
- Text Message –A text message sent to their mobile phone
End user multi factor configuration - Once the user has been enabled for multi-factor, the first time he logon again he will have to choose one of the multi-factor authentication methods
- The first 3 options are phone related (SMS or call), so there is nothing more to do than defining which phone number to use
- The last one is Mobile App which will allows to define an OTP (One Time Password)
- A configuration page will be displaying a Qrcode; this requires to install BEFORE the Active Authentication app from the App Store (on Windows Phone 7 or 8 this is called Active Auth – publisher PhoneFactor; but this is also available for iOS or Android) – I added the link to the app for each platform
You must enabled Push notification to be able to add an account 
- Once the app displays 6 number, you can click Done button and let the system checking the activation
- Once activation has been validated, the user will be asked to use the app to allow or deny the access to the application
- By default, the system will use the Preferred authentication method define when configuring the multi-factor authentication but off course (if for any reason he has not the device to be used as preferred) he can choose another one
|
| Starting today, Office 365 customers with Enterprise plan can enable Yammer as the default social network in replacement of the SharePoint newsfeed. To do so: - Logon to your SharePoint Administration portal either using the administration menu on top right or using the direct URL (https://<your tenant>-admin.sharepoint.com/)
- Then go to the Settings option available on the left and choose Use Yammer.com service at the Enterprise Social Collaboration section on top of the page
Once done, the Newsfeed link available on top is changed to Yammer  >>> 
End user may receive a request to confirm to go to Yammer 
Then you will be redirected to your Yammer site. |
| As part of the latest post about directory synchronization with Office 365, here is a small trick to manage the schedule for directory synchronization. This is not new with the latest release. By default, DirSync is synching your AD with Office 365 every 3 hours. But you may want to manage this schedule in order to do it more or less frequently. Off course, you still have to ability to run a PowerShell script to force the synchronization  . So, the DirSync schedule settings is located in the Microsoft.Online.DirSync.Scheduler.exe.config file stored in the installation folder of DirSync (default is C:\Program Files\Windows Azure Active Directory Sync) – NOTE: if you are still using an older version of DirSync, the folder name may be different to Microsoft Online Directory Sync To change the schedule from running every 3 hours to what you want, just open the file and change the value of SyncTimeInterval. After changing this settings you have to restart ForeFront services in order to take into account the new value of the schedule time. |
| As you may already know there 2 way to manage user accounts on Office 365: - From the cloud, using Office 365 administration portal (https://portal.microsoftonline.com) or using PowerShell
- From your on premises – so your own AD, using the Active Directory Synchronization tool, called DirSync
The latest release of DirSync is now including a long waited feature: password synchronization This was a long wait feature as until now, there was no way to synchronize your on premise password except by implementing ADFS which is NOT password synchronization but redirecting authentication processes to your on premise AD; this means in case of your ADFS is not available, there is no way to access your Office 365 data. So, the new DirSync release now offers to synchronize your AD password with your Office 365 account. Go to http://go.microsoft.com/fwlink/?LinkID=278924 to download the latest release (only available in 64 bits version). The install process is mainly the same than previous version of DirSync – if you already had DirSync installed you have to uninstall it before; don’t worry, you will not loose your existing account and the next sync will not be a full one  . You can check this post for the installation process http://blog.hametbenoit.info/Lists/Posts/ViewPost.aspx?ID=260 You may have a .Net Framework error related to security permission; just right click on the installation file and choose Run as administrator 
Once installed, during the configuration process you will have a new step called Password Synchronization; if you want to enable it, just check the box 
To know more about this new feature, go to http://technet.microsoft.com/en-us/library/dn246918.aspx |
| As you may already know, if not this is done  , you can now embedded some HTML code on your SharePoint pages (available on SharePoint 2013 and SharePoint Online); especially on blog post. To do so, just create a new blog post (or page) and use the Insert tab and Embed Code button. 
However, there is some security settings associated with this option. I ran onto an issue when I tried to embedded a Slideshare presentation I just uploaded earlier. This HTML cannot be inserted because this type of content is not allowed. 
After digging a little bit on this issue, the security settings associated with the embedded code option is available at the Site Settings\Site Collection Administration\HTML Field Security option 
When you go there, you can allow/disallow embedded code and then if allowing, manage from which domain embedded code is allowed. By default, there is only YouTube, Bing, Skydrive and Office. 
|
| I have uploaded a presentation about right management services on Office 365, called Azure Active Directory Right Management (AADRM). Enjoy |
| With BPOS and the first version of Office 365, Microsoft has provided a web tool (Speed Test) to assist customer to determine if their internet connection can support Microsoft Online services, from messaging to collaboration [covering Exchange Onlnine but more important Lync as it may consume important bandwidth]. This tool was available from www.microsoftspeedtest.com Since few months, this site is no longer available and many Office 365 customer (existing or potential) as well as consultant implementing Office 365 have no tool to evaluate the impact of Microsoft Online services on their internet connection. Fortunately, there is another tool available – initially covering only Lync (Lync Online Transport Reliability IP Probe - TRIPP), can provide a good replacement. Unfortunately, there is no global URL as it was the case with Speed Test; this means you have to use the URL the most appropriate accordingly to the datacentre used for your Office 365 tenant: - Convenient for EMEA customers
- Convenient for North America customers:
- Convenient for APAC customers:
That’s said, how it works?? - Connect to the most appropriate access point
- If you don’t have Java installed, you will have to – it was the same with Speed Test
- Then it works almost like Speed Test; just start the test and let the tool working
- As Lync is consuming the most part of the bandwidth related to the other Office 365 services, results provided will give you an accurate estimation of your need
|
| As you may already know, Microsoft has announced few months ago the end of some ForeFront products line, including ForeFront Protection the antivirus solution for Exchange, SharePoint and Office Communication Server (yes, Lync never had any updates while it has been long waited since Lync 2010). As part of this, you may also have read some information about the fact that ForeFront Protection for SharePoint may be installed on top of SharePoint 2013 as no change have been made at the SharePoint antivirus API levels (see the well famous http://www.harbar.net/archive/2013/02/22/Antivirus-and-SharePoint-2013.aspx) I had a customer which already have ForeFront Protection for SharePoint which wanted to use it for their new SharePoint 2013 implementation. So we tried and… we failed. Indeed the setup program for ForeFront Protection is looking for some prerequisites which have been (off course) installed, except SharePoint Foundation 2010. 
This is now a final conclusion that ForeFront Protection can’t be installed on top of SharePoint 2013. |
Compliance Details javascript:commonShowModalDialog('{SiteUrl}'+
'/_layouts/15/itemexpiration.aspx'
+'?ID={ItemId}&List={ListId}', 'center:1;dialogHeight:500px;dialogWidth:500px;resizable:yes;status:no;location:no;menubar:no;help:no', function GotoPageAfterClose(pageid){if(pageid == 'hold') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+
'/_layouts/15/hold.aspx'
+'?ID={ItemId}&List={ListId}'); return false;} if(pageid == 'audit') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+
'/_layouts/15/Reporting.aspx'
+'?Category=Auditing&backtype=item&ID={ItemId}&List={ListId}'); return false;} if(pageid == 'config') {STSNavigate(unescape(decodeURI('{SiteUrl}'))+
'/_layouts/15/expirationconfig.aspx'
+'?ID={ItemId}&List={ListId}'); return false;}}, null); 0x0 0x1 ContentType 0x01 898 Document Set Version History /_layouts/15/images/versions.gif?rev=23 javascript:SP.UI.ModalDialog.ShowPopupDialog('{SiteUrl}'+
'/_layouts/15/DocSetVersions.aspx'
+ '?List={ListId}&ID={ItemId}') 0x0 0x0 ContentType 0x0120D520 330 Send To other location /_layouts/15/images/sendOtherLoc.gif?rev=23 javascript:GoToPage('{SiteUrl}' +
'/_layouts/15/docsetsend.aspx'
+ '?List={ListId}&ID={ItemId}') 0x0 0x0 ContentType 0x0120D520 350
|
Office365 Undercover by Arnaud ALCABEZ
|
