Office 365 – Two factors authentication is now available as preview

Microsoft has released a preview of the two factor authentication feature for Office 365, Windows Azure, Windows Intune or Dynamics CRM Online.

Enable Two Factors Authentication

  • Sign in to Windows Azure (https://manage.windowsazure.com/) with an administrator account
  • Go to the Active Directory section from the left and choose Active Auth Providers

image

  • Then create a new Active Authentication Provider

image

image

    • Directory: allows you to link with your Active Directory

image

  • The new provider is now created and appear in the providers list

image

image

  • You can NOT change the Usage Model but you can change the subscription and the directory associated by hitting the provider name

image

image

 

Enable Users to use Two Factors Authentication

  • Go to the Active Directory section from the left and choose Directory and select the Active Directory tenant

image

  • Select the user for which you want to enable Two Factors Authentication, scroll down to the Role section which propose the option Require Multi-Factor Authentication

NOTE once enabled, the user will not be able to sign-in to non-browser clients like Outlook, Lync or PowerShell

image

image

  • Next time the user will logon, he will be asked to choose one of the multi-factor authentication methods
    • App Notification – Use the Active Authentication smart phone app
    • App One-time password (OTP) – Use a One-time Password with their Active Authentication smart phone app
    • Phone Call – A phone call to their mobile or landline phone
    • Text Message –A text message sent to their mobile phone

image

 

End user multi factor configuration

  • Once the user has been enabled for multi-factor, the first time he logon again he will have to choose one of the multi-factor authentication methods

image

  • The first 3 options are phone related (SMS or call), so there is nothing more to do than defining which phone number to use
  • The last one is Mobile App which will allows to define an OTP (One Time Password)

image

  • A configuration page will be displaying a Qrcode; this requires to install BEFORE the Active Authentication app from the App Store (on Windows Phone 7 or 8 this is called Active Auth – publisher PhoneFactor; but this is also available for iOS or Android) – I added the link to the app for each platform

You must enabled Push notification to be able to add an account

image

image

  • Once the app displays 6 number, you can click Done button and let the system checking the activation

image

  • Once activation has been validated, the user will be asked to use the app to allow or deny the access to the application
  • By default, the system will use the Preferred authentication method define when configuring the multi-factor authentication but off course (if for any reason he has not the device to be used as preferred) he can choose another one

image

image

Leave a Comment

Your email address will not be published. Required fields are marked *