Thomas Turner
asked on
Looking for a two factor authentication solution for Office 365
I have an environment setup with 10 onsite and 20 offsite users. All using Office 365 E3 with SharePoint and exchange online.
NOTE: The offsite uses have VPN access but never use it, forcing them to use it is not an option.
We currently have ADFS working with no problems, but we are looking to implement two factor authentication .
What types of two factor authentication are available and what do you think the best solution would be?
NOTE: The offsite uses have VPN access but never use it, forcing them to use it is not an option.
We currently have ADFS working with no problems, but we are looking to implement two factor authentication .
What types of two factor authentication are available and what do you think the best solution would be?
Easiest to implement is Phone Factor https://www.phonefactor.com/buy.shtml which is now owned by Microsoft.
AD FS (federated users) does NOT work with phone factor yet. Every other 2FA solution available atm will also have different limitations, due to the fact that not all applications have a web component to display the 2FA options. So every Office 2013 app will not respect 2FA, same goes for mobile apps, etc.
If you can read another questions on EE, take a look at:
https://www.experts-exchange.com/questions/28348835/O365-Two-Factor-Authentication.html
If not just tell me to repeat my answers here :)
If you can read another questions on EE, take a look at:
https://www.experts-exchange.com/questions/28348835/O365-Two-Factor-Authentication.html
If not just tell me to repeat my answers here :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So every Office 2013 app will not respect 2FA, same goes for mobile apps, etc.
There is an app for IOS/Android.
Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and SkyDrive Pro.
Microsoft will be adding 2FA to their office desktop apps this year
http://technet.microsoft.com/en-us/library/dn383636.aspx
There is an app for IOS/Android.
Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and SkyDrive Pro.
Microsoft will be adding 2FA to their office desktop apps this year
http://technet.microsoft.com/en-us/library/dn383636.aspx
Yes, there are finally some good news on that front.
App passwords are not really useful, they are practically a way to bypass the 2FA and none of our clients are interested in such solution.
Let's hope that they will bring support for 2FA to their mobile applications as well. Which reminds me to spam some comments on that blog post :)
App passwords are not really useful, they are practically a way to bypass the 2FA and none of our clients are interested in such solution.
Let's hope that they will bring support for 2FA to their mobile applications as well. Which reminds me to spam some comments on that blog post :)
You are looking to do it just in time. Microsoft just released a native solution and should be rolling it out for office 2013 clients shortly
http://www.digitaltrends.com/computing/office-365-security-now-beefed-two-factor-authentication/
http://www.computerworld.com/s/article/9240026/Microsoft_protects_cloud_with_directory_integrated_two_factor_authentication
http://www.digitaltrends.com/computing/office-365-security-now-beefed-two-factor-authentication/
http://www.computerworld.com/s/article/9240026/Microsoft_protects_cloud_with_directory_integrated_two_factor_authentication
ASKER
Could I base the two factor auth on a certificate or MAC address of the computer?
No since they will not be something only you have. Anyone using the computer will have those items.
ASKER
bummer, I was thinking they would know the username and password and have the cert to make it two factor.
You may want to check out AuthAnvil -- I've used it in a number of situations and it works quite well.
https://www.scorpionsoft.com/office365
Jeff
https://www.scorpionsoft.com/office365
Jeff
ASKER
Thanks
Swivel PinSafe, RSA SecureID and PIV, everyone as limitations.
My advice is to check here Two-Factor Authentication and check your company security policies.
After choose the one that comply with your needs and budgets.
Regards