Monday, 8 July 2013

Enable multi-factor authentication for a user in Office 365

Use the following procedure to enable multi-factor authentication for a user account. Please note that this feature is in preview.

1. Log in to the Windows Azure Management Portal.
2. Click Active Directory, and then click Directory.

3. Click on your Windows Azure AD tenant. 

4. Click on the Users tab.

5. On the Users page, search for the user you want to enable 2FA for and click on it.

6. Under role, select the Require Multi-factor Authentication check box.

When you select this option, the user must use a phone or another device and their password each time they need to sign in.

Please be aware that once multi-factor authentication is enabled on a user account, that user must complete the auto-enrollment when signing in. This will occur the first time the user signs in after the account has been enabled for multi-factor authentication. Until the user has done this, multi-factor authentication will not be enabled on the account.

Friday, 5 July 2013

PowerShell command to get a list of Office 365 users with their assigned licenses

In order to get a list of all the users in your Office 365 tenant with the licenses that are assigned to them, you can run the following command. Change "c:\users.csv" to the location that you want to save the file.

Get-MsolUser -All | ft displayname , Licenses | Out-File c:\users.csv

This report will have both Display Name and License type in the same column. If you need to split them into two columns, you can use the "Text to Columns" feature in Excel under the DATA tab to do this. I managed to split them by selecting Other under Delimiters and splitting where "{" is.

This is because licenses start with "{" and end with "}" (for example, if the user's assigned license is E3, it would show as {mytenant:ENTERPRISEPACK}).

Force a full password synchronization using the new DirSync tool with password sync feature

In order to force a full password sync in the new Windows Azure Active Directory Synchronization tool for Office 365, you need to do the following:

  1. Open Registry Editor
  2. Browse to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > MSOLCoExistence > PasswordSync.
  3. Change the "FullSyncRequired" registry key value to 1.
  4. Go to Services
  5. Restart the "Forefront Identity Manager Synchronization Service" - this will also restart the Windows Azure Active Directory Sync Service.
  6. Once done, you will notice logs with Event ID 656, which are the "Password Change Request" events, and Event ID 657, which are the "Password Change Result" events.
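
The six steps above as a PowerShell script, added here as an example and not part of the original post. It assumes FullSyncRequired is a DWORD value, that events 656 and 657 are written to the Application event log, and that a 60-second wait is long enough before checking; adjust these for your server.

```powershell
# Added example: run in an elevated PowerShell session on the DirSync server.
$ErrorActionPreference = 'Stop'

# Registry location and value name from steps 2 and 3.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\MSOLCoExistence\PasswordSync'
$valueName = 'FullSyncRequired'
# Service display name from step 5.
$svcName   = 'Forefront Identity Manager Synchronization Service'
# Assumptions: event log name and how long to wait before checking it.
$logName     = 'Application'
$waitSeconds = 60

# Writing under HKLM and restarting services both need administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}
if (-not (Test-Path $keyPath)) {
    throw "Registry key $keyPath not found. Is DirSync with password sync installed?"
}

# Show the current value so the change is visible in the console output.
$before = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
Write-Host "$valueName before change: $before"

# Step 3: request a full password sync.
Set-ItemProperty -Path $keyPath -Name $valueName -Value 1

# Step 5: restart the service. -Force allows the restart when other
# services depend on this one.
$restartedAt = Get-Date
Restart-Service -DisplayName $svcName -Force

# Step 6: look for the Password Change Request (656) and
# Password Change Result (657) events logged since the restart.
Start-Sleep -Seconds $waitSeconds
$filter = @{ LogName = $logName; Id = 656, 657; StartTime = $restartedAt }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No 656/657 events since $restartedAt. Wait longer or check the log name."
} else {
    # Request and result counts should converge as the full sync completes.
    $events | Group-Object Id |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
}
```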