[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Looking for a two factor authentication solution for Office 365

Posted on 2014-02-10
12
Medium Priority
?
505 Views
Last Modified: 2014-02-25
I have an environment setup with 10 onsite and 20 offsite users. All using Office 365 E3 with SharePoint and exchange online.

NOTE: The offsite uses have VPN access but never use it, forcing them to use it is not an option.

We currently have ADFS working with no problems, but we are looking to implement two factor authentication .

What types of two factor authentication are available and what do you think the best solution would be?
0
Comment
Question by:TRTurner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +3
12 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39847408
For office 365 there are 3 methods for two factor authentication:

Swivel PinSafe, RSA SecureID and PIV, everyone as limitations.

My advice is to check here Two-Factor Authentication and check your company security policies.

After choose the one that comply with your needs and budgets.

Regards
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 39847822
Easiest to implement is Phone Factor https://www.phonefactor.com/buy.shtml which is now owned by Microsoft.
0
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 39848272
AD FS (federated users) does NOT work with phone factor yet. Every other 2FA solution available atm will also have different limitations, due to the fact that not all applications have a web component to display the 2FA options. So every Office 2013 app will not respect 2FA, same goes for mobile apps, etc.

If you can read another questions on EE, take a look at:

http://www.experts-exchange.com/Software/Office_Productivity/Office_Suites/MS_Office/Microsoft_Office_365/Q_28348835.html

If not just tell me to repeat my answers here :)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 43

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 39849383
OK, I stand corrected - they just released the 2FA support for federated users:

http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/

Now let's see how long it will take for them to post the documentation...
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 39849431
So every Office 2013 app will not respect 2FA, same goes for mobile apps, etc.
 
There is an app for IOS/Android.

Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and SkyDrive Pro.

Microsoft will be adding 2FA to their office desktop apps this year

http://technet.microsoft.com/en-us/library/dn383636.aspx
0
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 39849446
Yes, there are finally some good news on that front.

App passwords are not really useful, they are practically a way to bypass the 2FA and none of our clients are interested in such solution.

Let's hope that they will bring support for 2FA to their mobile applications as well. Which reminds me to spam some comments on that blog post :)
0
 
LVL 15

Expert Comment

by:sharepointguru14
ID: 39852126
0
 
LVL 6

Author Comment

by:TRTurner
ID: 39853590
Could I base the two factor auth on a certificate or MAC address of the computer?
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 39853639
No since they will not be something only you have.  Anyone using the computer will have those items.
0
 
LVL 6

Author Comment

by:TRTurner
ID: 39853711
bummer, I was thinking they would know the username and password and have the cert to make it two factor.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39862333
You may want to check out AuthAnvil -- I've used it in a number of situations and it works quite well.

https://www.scorpionsoft.com/office365

Jeff
0
 
LVL 6

Author Closing Comment

by:TRTurner
ID: 39887266
Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question