Multi Factor Authentication with Office Clients

In one of my blog posts I talked about Multi Factor Authentication and how to set it up: http://blog.j-solutions.be/?p=441

One of the limitations of multi factor authentication was that it couldn’t be used with Outlook & Lync. Today we can announce that this limitation is solved. To make this available we need to generate an app password.

To configure multi factor authentication, go to the Microsoft Online Portal. When you’ve entered the correct credentials you need to choose an additional security verification:

Configure the Mobile App, Mobile phone, Office phone, … whichever type of verification you like best. Read more on http://blog.j-solutions.be/?p=831

Click on Verify now; your selected verification option will ask you to verify your credentials.

Enter your mobile number.

Click on Generate app password.

It’s this password that we’re going to use in our Outlook profile. When you create a new profile and you need to enter a password, you enter the app password that the portal has generated for you.

Create an Application Portal with WAAD Premium

We’ve been talking about 2 of the 3 features of Windows Azure Active Directory on this blog.

  1. Change the appearance of your login screen: http://office365tipoftheday.com/2013/12/17/customize-your-office-365-login-page/
  2. Self Service Reset Password Portal: http://office365tipoftheday.com/2013/12/01/windows-azure-active-directory-self-service-password-reset-portal/

The third feature we want to highlight is the Application Portal. As with the previous 2 features you need to activate the Premium Features if you haven’t already. The URL of the Application Portal is http://myapps.microsoft.com/. Log on with your Organizational Account (read: Windows Azure Active Directory Account).

And this is the result.

By default 2 applications are already activated: SharePoint Online & Outlook Web App

If we want to add additional applications we have to do that through the Azure Management Portal.

  1. Go to https://manage.windowsazure.com
  2. Login
  3. Go to Active Directory
  4. Select your Active Directory
  5. Go to Application

Click on the ADD button at the bottom. Choose if you want to add an application that you are developing or one that is provided by a third party through the Application Gallery. In this scenario we’ll pick the latter option.

The application that I use to do bookkeeping is XERO. And they also have an application in this Gallery …

When I add this application it will be added to the Azure Management Portal.

The next step is to assign this application to users. Not everybody needs to have this in the Application Portal. Only people who have access to your bookkeeping software should see this. So Windows Azure Active Directory allows us to assign an audience to that application.

You can choose whether to assign users based on their username or based on membership of a security group.

In my case it’s only me, so I select my user name and click on Assign. I can use this opportunity to enter the XERO credentials for that user, or I can choose to leave it up to the user to do that.

If I go back to my apps.windowsazure.com and refresh my page I’ll get this:

If you didn’t provide the Credentials for the app, you can do this in this portal by clicking on the Gear Wheel.

Let’s try this and see what happens:

Result:

So without having to enter my credentials I got logged in to Xero from my own Applications Portal.

Check out the Application Gallery to find your favorite application.

Customize your Office 365 Login Page

One of the cool features of Windows Azure Active Directory (WAAD) is that we can brand the login page of Office 365. This makes it a lot more comfortable for companies to use WAAD for all their web/cloud services. The first thing you need to do is to opt in your login page.

Go to https://login.microsoftonline.com/optin.srf and opt in your login page. You can test by browsing to http://aka.ms/aaddemo001 or http://aka.ms/aaddemo002 or even the page of my fellow MVP Sean McNeill: https://outlook.com/office365evangelist.com

The second thing you need to do is to sign up for the premium features of Windows Azure Active Directory.

  • Go to the Windows Azure management portal: http://manage.windowsazure.com
  • Go to Active Directory
  • Select your Directory
  • Sign Up for features in preview
  • Select Windows Azure Active Directory Premium
  • Connect it to a Subscription

Once the signup is complete, go back to your directory and you’ll see a button: Enable Active Directory Premium.

Ok, once you’ve done this, it’s time to customize our branding page. In this case we’ll add our own picture and add our logo to the login page. To read all about the possibilities and requirements go to this TechNet site: http://technet.microsoft.com/en-us/library/dn532270.aspx

So log on to your Windows Azure Management Portal and go to Active Directories. Select your tenant and go to Configure. If you activated the Premium features on your Active Directory you should see this button.

Click on Customize Branding. Select your default branding (or create a new one, it’s up to you) and click on the right arrow.

Change the Banner Logo, add some text to help the user understand the page and maybe change the Sign In Page Illustration. The tile logo -according to TechNet- is not used in the Sign In page. In the future, this text may be used to replace the generic “organizational account” pictogram in different places of the experience.

Time to test it:

https://outlook.com/j-solutions.be

Victory.

Note: The text and the logo were an immediate success. The sign-in page image, not so. Although TechNet says 1400*1200, that didn’t work for me. I resized it to 80% of that, and victory. So make sure you stay under the dimensions TechNet gives: 1400*1200 & 500 KB.

Note: the error messages are not really helping. The error message said “Something unexpected happened”. So you are on your own to find the real error.

Note: I also had an issue with a transparent PNG. I converted it to JPG and it worked like a charm.

Windows Azure Active Directory: Self Service Password Reset Portal

One of the new features of Windows Azure Active Directory is the Self Service Password Reset Portal, a feature that was already available for administrators but not for end users.

The first thing that you need to do is to sign up for the premium features of Windows Azure Active Directory.

  • Go to the Windows Azure management portal: http://manage.windowsazure.com
  • Go to Active Directory
  • Select your Directory
  • Sign Up for features in preview
  • Select Windows Azure Active Directory Premium
  • Connect it to a Subscription

Once the signup is complete, go back to your directory and you’ll see a button: Enable Active Directory Premium.

Select the number of contact methods that are required and which ones are available to users. You can choose to use the mobile phone number. This means that before users can do a full password reset they need to register their mobile number, or the administrator has to make sure that there is some kind of system in place that does it for them. Don’t forget to activate password reset first by selecting All.

Attention: the mobile number must be well formatted. E.g. +32123456789 will not work; it has to be +32 123456789. Mind the space between +32 and 123456789. When the user registers the mobile number through the portal it is correctly formatted.
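When an administrator pre-populates mobile numbers instead of letting users register, the format rule above can be checked before the data is loaded. The following is an added example, not part of the original post: the calling-code table, the length bounds and the sample accounts are constructed assumptions.

```python
import re

# Assumed subset of country calling codes; extend it for your own user base.
CALLING_CODES = ("1", "31", "32", "33", "44", "49", "352")


def normalize_mobile(raw):
    """Return the number as '+CC NNNNNNN', or None if it cannot be fixed safely."""
    value = raw.strip()
    if not value.startswith("+"):
        return None  # no country code present: never guess one
    # Drop spaces and common separators, keep only what follows the '+'.
    digits = re.sub(r"[ \-().]", "", value[1:])
    if not (digits.isascii() and digits.isdigit()):
        return None
    if len(digits) > 15:  # E.164 allows at most 15 digits in total
        return None
    for code in CALLING_CODES:
        national = digits[len(code):]
        # Assumed lower bound of 4 digits for the national part.
        if digits.startswith(code) and len(national) >= 4:
            return f"+{code} {national}"
    return None  # unknown calling code: leave it for manual review


def audit(records):
    """Split (user, number) pairs into needed fixes and rejected users."""
    fixes, rejects = {}, []
    for user, raw in records:
        fixed = normalize_mobile(raw)
        if fixed is None:
            rejects.append(user)
        elif fixed != raw:
            fixes[user] = fixed
    return fixes, rejects


# Constructed sample data, not taken from a real directory.
SAMPLE = [
    ("alice@example.com", "+32123456789"),       # missing the space
    ("bob@example.com", "+32 123456789"),        # already well formatted
    ("carol@example.com", "0123 45 67 89"),      # no country code
    ("dave@example.com", "+44 (20) 7946-0958"),  # extra separators
]

if __name__ == "__main__":
    fixes, rejects = audit(SAMPLE)
    print("to fix:", fixes)
    print("manual review:", rejects)
```

Numbers that end up in the manual review list cannot receive a reset code, so those users should register through the portal themselves.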

The URL for the registration is: https://account.activedirectory.windowsazure.com/PasswordReset/Register.aspx

  • Enter your mobile number
  • Choose if you want a text or an automated call
  • Enter the received code

Once this is done, we can do a password reset. Go to https://login.microsoftonline.com and click on Can’t access your account. Enter your username and the captcha shown on the screen. Click on Next.

Now we enter the password reset procedure. Choose your telephone number if you have multiple and click on Next.

Select if you want to be contacted by text or automated call. Click Next and enter the code you’ve received.

If you were successful in this step you’ll get the opportunity to change your password.
