Skip Ribbon Commands
Skip to main content
SharePoint

Benoit's corner

Jun 16
Office 365 – Manage Multiple Factors Authentication

Following my previous post related to the availability of the multiple factors authentication preview for Office 365, here is an additional one to detail the management.

Once you have enabled multi factors authentication (follow this post http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=524), you can manage additional settings such as viewing usage reports, download the SDK or configure blocked/bypassed user or fraud alert.

 

Manage additional settings for multi factors authentication

  • Logon to the Windows Azure administration portal (https://manage.windowsazure.com) using an administrator account
  • Go to the Active Directory from the left menu or or hit directly your multi factors authentication provider from the portal home page

imageimage

  • Once you have reached the multi factors authentication provider page, click on the Manage button shown at the bottom; NOTE this will open a new window/tab, so make sure you allowed windowsazure.com domain on your pop-up blocker

image

  • Then you will reach the Windows Azure Authentication administration portal

image

  • From there you can view usage report, configure some additional settings or download the SDK in order to develop Azure Application which will be able to use the multi factors authentication

Additional Settings

  • From the left menu, click on the Settings link below the Configure section

image

  • From this settings page you can
    • Define time outs before users has to retry his authentication process
    • Enable/disable the fraud alert function which allows end-user to notify administrators of tentative to be authenticated on their behalf
    • Lock user account after X consecutive authentication failed

image

 

Notifications

  • Click on the Notifications link from the left menu, below the Configure section

image

  • This page allows you to define administrators email address to receive notification, such as from end-users notifying fraudulent authentication requests

image

 

Block/Unblock Users

  • By hitting the Block/Unblock option below the User Administration section from the left menu, you can enable/disable user account for multi factors authentication

image

  • The One-Time Bypass allows administrators to define a temporary bypass for multi factors authentication; this is similar to the option to bypass physical token when you loose it or when the token is broken

image

 

    Jun 16
    Office 365 – Being awarded as Microsoft Community Contributor on Office 365

    I just being notified that I have been awarded as Microsoft Community Contributor on Office 365 for my answers on Office 365 Community forums.

    image 

    Jun 13
    Office 365 – Two factors authentication is now available as preview

    Microsoft has released a preview of the two factor authentication feature for Office 365, Windows Azure, Windows Intune or Dynamics CRM Online.

    Enable Two Factors Authentication

    • Sign in to Windows Azure (https://manage.windowsazure.com/) with an administrator account
    • Go to the Active Directory section from the left and choose Active Auth Providers

    image

    • Then create a new Active Authentication Provider

    image

    image

      • Directory: allows you to link with your Active Directory

    image

    • The new provider is now created and appear in the providers list

    image

    image

    • You can NOT change the Usage Model but you can change the subscription and the directory associated by hitting the provider name

    image

    image

     

    Enable Users to use Two Factors Authentication

    • Go to the Active Directory section from the left and choose Directory and select the Active Directory tenant

    image

    • Select the user for which you want to enable Two Factors Authentication, scroll down to the Role section which propose the option Require Multi-Factor Authentication

    NOTE once enabled, the user will not be able to sign-in to non-browser clients like Outlook, Lync or PowerShell

    image

    image

    • Next time the user will logon, he will be asked to choose one of the multi-factor authentication methods
      • App Notification – Use the Active Authentication smart phone app
      • App One-time password (OTP) – Use a One-time Password with their Active Authentication smart phone app
      • Phone Call – A phone call to their mobile or landline phone
      • Text Message –A text message sent to their mobile phone

    image

     

    End user multi factor configuration

    • Once the user has been enabled for multi-factor, the first time he logon again he will have to choose one of the multi-factor authentication methods

    image

    • The first 3 options are phone related (SMS or call), so there is nothing more to do than defining which phone number to use
    • The last one is Mobile App which will allows to define an OTP (One Time Password)

    image

    • A configuration page will be displaying a Qrcode; this requires to install BEFORE the Active Authentication app from the App Store (on Windows Phone 7 or 8 this is called Active Auth – publisher PhoneFactor; but this is also available for iOS or Android) – I added the link to the app for each platform

    You must enabled Push notification to be able to add an account

    image

    image

    • Once the app displays 6 number, you can click Done button and let the system checking the activation

    image

    • Once activation has been validated, the user will be asked to use the app to allow or deny the access to the application
    • By default, the system will use the Preferred authentication method define when configuring the multi-factor authentication but off course (if for any reason he has not the device to be used as preferred) he can choose another one

    image

    image

    Jun 11
    Office 365 – You can now define Yammer as your default Enterprise social network

    Starting today, Office 365 customers with Enterprise plan can enable Yammer as the default social network in replacement of the SharePoint newsfeed.

    To do so:

    • Logon to your SharePoint Administration portal either using the administration menu on top right or using the direct URL (https://<your tenant>-admin.sharepoint.com/)

    image

    • Then go to the Settings option available on the left and choose Use Yammer.com service at the Enterprise Social Collaboration section on top of the page

    image

    Once done, the Newsfeed link available on top is changed to Yammer

    image >>> image

    End user may receive a request to confirm to go to Yammer

    image

    Then you will be redirected to your Yammer site.

    Jun 05
    Office 365 – Change the schedule directory synchronization

    As part of the latest post about directory synchronization with Office 365, here is a small trick to manage the schedule for directory synchronization.

    This is not new with the latest release.

    By default, DirSync is synching your AD with Office 365 every 3 hours. But you may want to manage this schedule in order to do it more or less frequently. Off course, you still have to ability to run a PowerShell script to force the synchronization Smile.

    So, the DirSync schedule settings is located in the Microsoft.Online.DirSync.Scheduler.exe.config file stored in the installation folder of DirSync (default is C:\Program Files\Windows Azure Active Directory Sync) – NOTE: if you are still using an older version of DirSync, the folder name may be different to Microsoft Online Directory Sync

    To change the schedule from running every 3 hours to what you want, just open the file and change the value of SyncTimeInterval.

    After changing this settings you have to restart ForeFront services in order to take into account the new value of the schedule time.

    Jun 05
    Office 365 – Directory Synchronization now includes password sync

    As you may already know there 2 way to manage user accounts on Office 365:

    • From the cloud, using Office 365 administration portal (https://portal.microsoftonline.com) or using PowerShell
    • From your on premises – so your own AD, using the Active Directory Synchronization tool, called DirSync

    The latest release of DirSync is now including a long waited feature: password synchronization

    This was a long wait feature as until now, there was no way to synchronize your on premise password except by implementing ADFS which is NOT password synchronization but redirecting authentication processes to your on premise AD; this means in case of your ADFS is not available, there is no way to access your Office 365 data.

    So, the new DirSync release now offers to synchronize your AD password with your Office 365 account.

    Go to http://go.microsoft.com/fwlink/?LinkID=278924 to download the latest release (only available in 64 bits version).

    The install process is mainly the same than previous version of DirSync – if you already had DirSync installed you have to uninstall it before; don’t worry, you will not loose your existing account and the next sync will not be a full one Smile. You can check this post for the installation process http://blog.hametbenoit.info/Lists/Posts/ViewPost.aspx?ID=260

    You may have a .Net Framework error related to security permission; just right click on the installation file and choose Run as administrator

    image

    Once installed, during the configuration process you will have a new step called Password Synchronization; if you want to enable it, just check the box

    image

    To know more about this new feature, go to http://technet.microsoft.com/en-us/library/dn246918.aspx

    Jun 05
    SharePoint 2013 – Can not embedded HTML code

    As you may already know, if not this is done Smile, you can now embedded some HTML code on your SharePoint pages (available on SharePoint 2013 and SharePoint Online); especially on blog post.

    To do so, just create a new blog post (or page) and use the Insert tab and Embed Code button.

    image

    However, there is some security settings associated with this option.

    I ran onto an issue when I tried to embedded a Slideshare presentation I just uploaded earlier.

    This HTML cannot be inserted because this type of content is not allowed.

    image

    After digging a little bit on this issue, the security settings associated with the embedded code option is available at the Site Settings\Site Collection Administration\HTML Field Security option

    image

    When you go there, you can allow/disallow embedded code and then if allowing, manage from which domain embedded code is allowed. By default, there is only YouTube, Bing, Skydrive and Office.

    image 

    Jun 05
    Office 365 – Use Azure Active Directory Right Management with Office 365

    I have uploaded a presentation about right management services on Office 365, called Azure Active Directory Right Management (AADRM).

    Enjoy

    May 24
    Office 365 – Speedtest replacement

    With BPOS and the first version of Office 365, Microsoft has provided a web tool (Speed Test) to assist customer to determine if their internet connection can support Microsoft Online services, from messaging to collaboration [covering Exchange Onlnine but more important Lync as it may consume important bandwidth]. This tool was available from www.microsoftspeedtest.com

    Since few months, this site is no longer available and many Office 365 customer (existing or potential) as well as consultant implementing Office 365 have no tool to evaluate the impact of Microsoft Online services on their internet connection.

    Fortunately, there is another tool available – initially covering only Lync (Lync Online Transport Reliability IP Probe -  TRIPP), can provide a good replacement.

    Unfortunately, there is no global URL as it was the case with Speed Test; this means you have to use the URL the most appropriate accordingly to the datacentre used for your Office 365 tenant:

    That’s said, how it works??

    • Connect to the most appropriate access point
      • If you don’t have Java installed, you will have to – it was the same with Speed Test
    • Then it works almost like Speed Test; just start the test and let the tool working

    image 

    • As Lync is consuming the most part of the bandwidth related to the other Office 365 services, results provided will give you an accurate estimation of your need

    image 

    May 24
    SharePoint – ForeFront Protection for SharePoint on top of SharePoint 2013

    As you may already know, Microsoft has announced few months ago the end of some ForeFront products line, including ForeFront Protection the antivirus solution for Exchange, SharePoint and Office Communication Server (yes, Lync never had any updates while it has been long waited since Lync 2010).

    As part of this, you may also have read some information about the fact that ForeFront Protection for SharePoint may be installed on top of SharePoint 2013 as no change have been made at the SharePoint antivirus API levels (see the well famous http://www.harbar.net/archive/2013/02/22/Antivirus-and-SharePoint-2013.aspx)

    I had a customer which already have ForeFront Protection for SharePoint which wanted to use it for their new SharePoint 2013 implementation. So we tried and… we failed.

    Indeed the setup program for ForeFront Protection is looking for some prerequisites which have been (off course) installed, except SharePoint Foundation 2010.

    image

    This is now a final conclusion that ForeFront Protection can’t be installed on top of SharePoint 2013.

    1 - 10Next

     ‭(Hidden)‬ Blog Tools

     Share This

     Follow Me On

     Office365 Undercover by Arnaud ALCABEZ

    Retrieving Data

     Certifications

    Microsoft Certified Systems Administrator 
    Microsoft Certified Systems Administrator - Messaging
    Microsoft Certified Systems Engineer 
    Microsoft Technology Specialist 
     Microsoft Certified IT Professional

     Translation Tool

    Translate this page

     FaceBook Fan's Page

     Books I wrote

    Le portail Microsoft SharePoint 
    Microsoft Office SharePoint Portal Server 2003 et WSS au quotidien 
    Microsoft Office SharePoint Server (MOSS) et Office 2007  
    Microsoft Sharepoint 2010