Microsoft acquires two factor provider

One of the criticisms levelled at Office 365 is that it doesn’t easily support two factor authentication. Basically this means that when you log into a system with an id and password you require another form of identification to gain access. This second factor is normally provided by a token that generates a number you enter during login.
Two factor provides an much greater level of security because it means that anyone trying to access your system need more than just a password (which could be captured by a key logged on a PC you are using). A good example of this is the PayPal security key that I have blogged about previously.

When you access PayPal you are asked for the security key number that appears when you press the key. So without this physical key you can’t gain access to PayPal services.
Now this is all well and good if you always remember to have your security key with you. But what happens if you don’t and you need to access your system? The solution is to use a software token. That is a piece of software on a device you have with you (a tablet or mobile for example) that allows you to generate the required key. A great example of this is Google Authenticator which I use with all my Google accounts as well as Lastpass. If I need to access my Google information or retrieve a password from Lastpass I simply run the Google Authenticator program on my iPad and enter the number it provides (along with my password and id) to gain access.
Even something as simple as Google Authenticator can prove technically challenging for some, so a final option is to use an SMS text message to provide the required key. As I mentioned, Microsoft has been a little late to the game but that should all change now that they have acquired Phonefactor.

Hopefully we’ll soon be able to use two factor authentication with Office 365 to provide additional security and overcome the tendency for users to implement poor passwords. It also looks like you’ll be able to use these with on premise Microsoft software but I reckon it’ll come to the cloud first.
I’ll keep my eyes peeled for when it becomes available and let you know.

More free reseller Windows 8 and Office 365 exam cram training

I am please to announced that Microsoft Australia has extended the full 2 day exam cram training session on the following exams:
Day 1 – 74-324: Administering Office 365 for Small Business
Day 2 – 70-687: Configuring Windows 8
to:
Brisbane

Day 1 – Tuesday 14th May (74-324: Administering Office 365 for Small Business)
Day 2 – Wednesday 15th May (70-687: Configuring Windows 8)

You can register here –
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032549551&Culture=en-AU&community=0
It is important to note that this training in not like my normal bootcamps. These days are specifically focused on helping attendees pass the appropriate Microsoft certification exams so they are eligible to attain the Microsoft Small Business Competency. Thus, to get the most from this training you should be at least familiar with Windows 8 and Office 365.
I hope you are able to attend and I look forward to meeting you on the day but remember to book early as there is only a limited number of places available at each venue.

Now is the time to start looking at Office 365 federated identity

One of the most difficult things to implement for cloud based systems is the concept of federated identity and Single Sign On (SSO). This means that a user only needs one set of credentials to log into the cloud or the local network. It also means that when they log in somewhere they are seamlessly logged into everything else they need.
Many local network users have taken for granted the fact that when they log into their local network (say Small Business Server) they are logged into the local machine, given access to files on the server, allowed to browse the Internet and more, all from a a single login.
Now, when users information is relocated to other systems, like the cloud, single sign on becomes much more challenging because you now have two (or more) completely separate systems that must trust each other first before they can share credentials between them. In the Office 365 world this was handled by Active Directory Federated Services (ADFS). When configured, this basically allowed the local network to ‘trust’ the cloud so users information could be passed securely between them.
Problem is that ADFS is really not a small business solution. It requires additional on site hardware as well a involved configuration process which was generally beyond most SMB resellers. Don’t get me wrong, ADFS is not impossible to implement in SMB but it certainly wasn’t a few clicks of the wizard.
For that reason, we have generally not seen a lot of Single Sign On (SSO) in SMB, yet there has been growing demand for a simpler solution. Personally, I now think we are about cross the Rubicon where SSO is a requirement. In that respect I would be suggesting NOW is the time to start looking at how to implement federation and SSO with cloud based systems. Sure, there aren’t a lot of solutions out there and many are complex but I think this will all change rapidly very soon. Get in early I say to lead the pack going forward.
So, my advice to SMB resellers and IT Professionals is to put aside what you have heard about ADFS and SSO and start investigating what they can offer. Have a look at third party options and two factor authentication. Most importantly keep you ear to ground on what changes are happening in the industry and be especially watchful of what Microsoft will bring to the table in the near future to greatly ease the pain of SSO in SMB.

Check your router’s vulnerability

A recent security vulnerability has been unearthed in many routers previously though safe. Universal Plug and Play (uPNP) is a method of easily configuring a router automatically to allow traffic to flow from the Internet into the local network. It should only be accessible from devices inside the local network. However, as it turns out, the vulnerability allows devices on the Internet to potentially reconfigure a router. This is REALLY, REALLY bad to say the least.
Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw
You can find out more about the specific of the issues at:
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
So advice is that you should check to ensure your router is not vulnerable. To do this visit grc.com and go to the Shields Up page like so:

Click on the GRC’s Instant UPnP Exposure test.
Hopefully you will see:

If not then you need to take steps to ensure you rectify any issues discovered.

Office 2013 transferability made clearer

There are plenty of changes around Office 2013 licensing along with questions about what happens with previous editions, what’s allowed and what’s not. Here’s a nice table that summarizes everything quite nicely.

More information is contained in the blog post:

http://blogs.office.com/b/office-news/archive/2013/02/19/office-2013-and-office-365-installations-and-transferability.aspx

Best posts from February

I have finally completed the migration of over 1,200 blog posts going back prior to 2007 onto this new platform. During the process I came across a lot of really good posts that are still very interesting and relevant. There are also plenty of interesting posts along with some funny and downright stupid ones. So, what I thought I’d start doing is spend one post a month reviewing a sampling posts from that month back in the history of this blog.
Thus, it being February here we go:
2012
Office 365 Identity options – information about the different ways that identity are handled in Office 365.
2011
No Office Web Apps on SBS 2011 standard – information about how Office Web Apps, which is an addition to SharePoint is not supported on Small Business Server.
SharePoint Foundation BLOB storage – details how Binary Large OBject storage can be used with SharePoint and why in an SMB environment you really shouldn’t use it.
2010
Productivity Part 1 – first of a three part series I wrote as a guest blogger on real productivity.
Installing SQL Server 2008 on Windows Server 2008 R2 – SQL is the basis for SharePoint storage.
2009
Productivity costs – how much poor productivity is costs businesses
Email addiction – interesting information about how many people’s lives are rules by email.
2008
It’s all going to the cloud – Yes, even back then I was saying this!

There is more to Office 365 than just suites

I have started to come across more and more people who don’t seem to realise that you can purchase individual Office 365 components. This means if you just want basic email you can purchase Exchange Online Plan 1 (from around $4 per user per month) or if you want email with advanced features like Legal Hold and unlimited inbox then you can go for Exchange Online Plan 2 (from around $8 per user per month). The same holds true for SharePoint, Lync and even Office on the desktop (yes you can purchase just the latest Office desktop software via Office 365).

Typically, if you needs extend beyond just a single product, say email and collaboration, then that’s when the value of a suite becomes apparent but importantly, you don’t necessarily have to start there. Let’s say you just want basic email, you could purchase Exchange Online Plan 1. Then a few months down the track you get bitten by the SharePoint bug (if you haven’t yet you will), you can simply add that to your current Exchange Plan 1 in Office 365.

The individual components of Office 365 are currently offered under the Enterprise (E) licenses. Currently the cheapest suite offering is the Small Business and Professionals license (P) which offers the basic plans of Exchange, SharePoint and Lync (but no Office) rolled into a single package. The good thing about this P licenses is that it is great value for what you get. The bad thing is that it is not as flexible as the Enterprise or E plans. This means you can’t add features to the P license (say kiosk workers).

For that reason, it is my opinion that most businesses should only consider E licenses for the simple fact that it provides far more flexibility with the ability to easily add and remove features for individual users. P Plans are great provided the business is not planning to change much and is unlikely to want additional functionality.

I would still caution people about P plan even if they think they are unlikely to change. Why? Because chances are a change of circumstance will dictate a need to change down the track. If they have locked themselves into a P plan then migration is not easy. A good example is where a business decides on a P plan solely based on price. Down the track, if they find they need inboxes greater than the current 25GB limit in a P plan they can not simply add to their current offering as doing so is unsupported on P Plans. However, if they were instead over on an Enterprise (E) plan it would be simple process to effect this upgrade, even for just a single user.

For example, here’s the link to just the Exchange Online plans in Office 365

http://www.microsoft.com/en-us/office365/exchange-online.aspx#PlansAndPricingTable

If you are in Australia you’ll find them at:

http://www.telstra.com.au/business-enterprise/business-products/t-suite-software/microsoft-office-365/index.htm#mos

My experience with ANY technology is that you want to provide the maximum amount of flexibility because situations change. This should be EXACTLY the same when it comes to choosing Office 365 for your business. My advice is to just start with what you need and grow from there. This generally means moving to Enterprise (E) plans from the get go. They may be a little more expensive than the P plans but having that flexibility is well worth any small incremental cost. Trust me, you’ll find out what I mean if you don’t.