office 365 logo

As per 10.02.2014 Multi-factor authentication is avaliable, but……

Background: I could not Connect to Lync 2013 on my user with Multifactor Authentification (this was before 2factor was Integrated into 365). I could not understand the problem and after raising a Ticket the support technician asked me to move the user over to an other domain and back to get reprovisioned for Lync. THEN it started. Multi-factor authentificaiton was released that same day and now, none of my clients or apps would connect. I hastely E-mailed support and you know, they called me back within 15 mins! WOW. Finally after 2 hours on the phone with Support we figured it out! Multi-Factor does not allow apps or clients anymore to Connect without a app password. Duh 😦

Reference: Technet Article

Your Apps such as PowerShell, Outlook 2013, Lync 2013, Lync App, Windows Phone, Mail-App and most other apps will not work as usual. This is because they do not support Multi Factor Authentification:

From TechNet: Non-browser apps, such as Microsoft Outlook and Microsoft Lync, currently do not support multi-factor authentication.  Multi-factor authentication is enabled per user.  This means that if a user has been enabled for multi-factor authentication and they are attempting to use non-browser clients, such as Outlook 2013 with Office 365, they will be unable to do so.  An app password allows this to occur.  An app password, is a password that is created within the Windows Azure portal that allows the user to by-pass the multi-factor authentication and continue to use their application.

The Solution: App Passwords!

The following is a list of applications that support App Passwords.

  • Office Subscription
  • Outlook
  • Excel
  • EAS clients
  • Lync
  • Office 15
  • Word
  • POWERSHELL IS NOT SUPPORTED (don’t use 2factor on Your admin account)

NOTE, everything else you want to Connect to do NOT support App pasword, hence you can not connect to the Office 365 With other Apps than this.

To set up App Password go here: (make sure you have turned on Multi Factor Authentification)

From TechNet: When your account is enabled for multi-factor authentication, you will not be able to use non-browser applications such as Microsoft Outlook, Lync, and Windows PowerShell because these clients do not support multi-factor authentication. In order to continue to use your applications, you must set up App Passwords for your clients. To create or change app passwords go to http://aka.ms/mfasetup.  For additional information about app passwords, see App Passwords with Windows Azure Multi-Factor Authentication.

TIPS:
1. App passwords require a new IT strategy.
2. App passwords is only displayed once, so if you forget you have to generate a new one.
3. Generate one password per App
4. Create a Separate PowerShell Admin account

You can NOT set a personal App Password at the moment.

This is where you enable Multi-factor Authentification
This is where you enable Multi-factor Authentification

2factor

Remember to "Enforce" the policy after you enable 2factor
Remember to “Enforce” the policy after you enable 2factor
Advertisements