- Lync Server Cookbook
- Fabrizio Volpe Alessio Giombini Lasse Nordvik Wed? António Vargas
- 564字
- 2021-08-06 19:28:37
Enabling two-factor authentication
In 2013, the July cumulative update for Lync Server 2013 added two-factor authentication for the Lync 2013 client. As we mentioned in the introduction, the feature is available for Lync Online users, while on-premises deployment requires you to add a third-party solution. Two-factor authentication is based on the "something you know, something you have" principle, meaning that knowing a user's password without having an additional security item (a smart card) will not give access to Lync. An additional method could be based on "something you have" (a trusted device). We will see how to configure Office 365 (Lync Online) support for Multi-Factor Authentication (MFA). Office 365 MFA is a scaled-down version of Azure Multi-Factor Authentication service available to support both Azure and on-premises deployments. We will talk about it in the There's more… section.
How to do it...
- Log on to the Office 365 portal and go to Users and Groups | Active users and select Set Up to the right of Set Multi-factor Authentication Requirements, as we can see in the next screenshot:
- Select the user that will use the Multi-Factor Authentication and select Enable.
- We will receive an About enabling multi-factor auth screen that requires a confirmation. Select the Enable Multi-Factor Auth button, as shown in the following screenshot:
- Select Close in the Updates Successful screen.
- The Manage User Settings option enables us to force the user settings related to MFA with the Require selected users to provide contact methods again and Delete all existing app passwords generated by the selected users features.
- The next time the user tries to log on to Office 365, they will receive a request to set up this account for additional security verification, as we can see in the following screenshot:
- There are three available options shown in the following screenshot: Mobile phone, Office phone, and Mobile app. Each one of them requires additional parameters (like a mobile number) to work.
- The device will be verified with a call or a text message.
- The next time the user logs on to the Office 365 portal, after the account and password screen, there will be an additional verification based on the selected additional security method.
There's more...
Azure Multi-Factor Authentication (MFA) is an interesting service, and it is important to say that it can be deployed also in an on-premises environment. Azure MFA includes options for one-time passwords (generated with the MFA app), phone calls, and text messages. Now, we need to perform the following steps:
- We will need to access the Azure Portal (as explained in the Managing Windows Azure Directory for Lync Online recipe).
- From the directory management portal, we have to launch Enable multi-factor authentication, as we can see in the following screenshot:
- The lower bar will show a completed operation notification, like the one shown in the following screenshot:
- In the lower part of the USERS tab, we have the MANAGE MULTI-FACTOR AUTH icon:
- As soon as the Multi-Factor Authentication provider for the selected domain is created, we are able to configure the settings for MFA. As we can see in the following screenshot, the feature is richer than the one we saw in Office 365:
Note
Azure has two MFA usage models Per Authentication and Per Enabled User, and both of them have an associated cost. The costs are explained in the Active Directory pricing details page (http://bit.ly/1fspdhz).
- 密碼學原理與Java實現
- 深入實踐Spring Boot
- HBase從入門到實戰
- 數據結構習題精解(C語言實現+微課視頻)
- Android NDK Beginner’s Guide
- 低代碼平臺開發實踐:基于React
- 圖數據庫實戰
- 深入剖析Java虛擬機:源碼剖析與實例詳解(基礎卷)
- Flowable流程引擎實戰
- Canvas Cookbook
- Django 5企業級Web應用開發實戰(視頻教學版)
- Mastering Gephi Network Visualization
- Mastering JavaScript
- Java Web開發教程:基于Struts2+Hibernate+Spring
- Java服務端研發知識圖譜