MFA – Great security enhancement or productivity buzz-kill?

MFA – Great security enhancement or productivity buzz-kill?

We’re a little more than a month into turning on Office 365 Multi-Factor Authentication (MFA) for everyone at CloudStrategies. My aim here is to share some thoughts and observations around the experience of using the technology across all my various devices. Is MFA a great way to secure our Office 365 tenant or a productivity buzz-kill? Within the first few days – I would have said a definite yes to both those questions. After a little more time using it every day, I still believe in the security benefits, but have warmed up enough to feel a little less productivity challenged.  More than that, I feel comfortable that I’m taking reasonable and prudent measures to protect access to our systems and data while leveraging the investments we’ve already made in Office 365.

So – let’s start with level setting on what MFA is, and why I believe more and more businesses are going to deploy it sooner than later. Frequently referred to as 2-factor authentication, MFA is technology that requires that a user not only have a username and password to access technology platforms, but instead also prove that they possess something as an additional level of security before accessing systems. The classic example that’s in everyone’s wallet is a debit card. The card without the pin isn’t useful, and the pin without the card doesn’t get you money from an ATM either.

Years ago I carried an RSA SecureID token that had a rotating number on a screen that I needed to have with me at all times to access corporate platforms. The geek in me thought it was cool to carry with me on my key-chain – but the user in me quickly found it difficult to have to sign-in to a VPN before I could do any work from outside the office. Though it may have been subtle, it definitely was enough of a pain that I wouldn’t bother signing in for anything other than a very specific purpose or goal – thus discouraging me from doing as much work as I otherwise might have from outside of the office.

Today, with Microsoft’s implementation of MFA for Office 365, I have a similar feeling of security as I did with my RSA ID, but yet, for my main devices and applications, I also have a sort of “fast pass” that makes the productivity hit much more manageable.

There are two core components of MFA that end users will learn to manage. The first is very much like the RSA experience – though it primarily is delivered through an App on the end users cell phone. The second is called an App Password and can be used as a one-time code for any application that needs to access an Office 365 resource on a regular basis (in the background) – such as email clients, OneNote, calendar applications, cell phones, etc. Let’s talk about the experience of each of these parts of MFA:

For the first part, any time a user needs to access any Office 365 resource through a web browser – whether on their own device – or on a public device, they will start by signing in normally with their username and password. After doing so – instead of immediately gaining access their account, they will be prompted to provide a second level of authentication. For this, there are a few choices. The one I’ve been using has been to be prompted for a 6 digit number that I can only retrieve by launching a simple app on my mobile phone. When prompted for the code, I simply pull out my phone, launch the app, and wait for it to provide me with the number. The number is continuously changing – every 30 seconds or so, so you can never predict what it is and need to type in the number within a given time period. This works exactly like my old RSA token did – perhaps with one benefit in that when I’m home I find that my phone isn’t ever very far away from me – as opposed to where I kept my keys and RSA token – so I’d need to run to the other side of the house to retrieve it.

For all non-browser based access to Office 365 applications, a user’s regular password will no longer be enough to access the system. Because applications like Outlook, Office applications, mobile phone apps, etc. do not have a mechanism to support the entry of an Authentication Code, they will instead leverage a uniquely generated “App Password”. Office 365 can generate up to 40 unique 16 digit App Passwords that can be used for individual applications or devices. App Passwords, once generated, can never be displayed a second time. They are entered and stored in individual applications on a per device basis and once entered, applications function normally – without the need for a MFA Authentication Code. The security strength of App Passwords comes from the fact that they can be deleted at any time. The productivity benefit of an App Password comes from the fact that once entered, those applications no longer need to have a password entered for recurring access to Office 365.  In the event of a breach, and once an App Password is deleted from the Office 365 console, any apps that have stored that password will no longer be able to access Office 365. Think about a scenario where a device is lost or stolen – a simple action of deleting the App Password will nullify that devices ability to provide any access to anything that shouldn’t be accessed.

Security in our lives always comes at a cost – frequently restricting access or limiting our capabilities. Microsoft’s Office 365 MFA solution provides an increased level of protection with a reasonable approach to securing systems and data. Any productivity hit is likely short lived for most users and the comfort that businesses can receive knowing that users data won’t be easily be compromised through the loss of a device or the inadvertent compromise of an individual’s password.

Federation – Keeping Skype for Business Online Private

Federation – Keeping Skype for Business Online Private

Especially now as Lync officially becomes Skype for Business many people are wondering what the difference is between Skype for Business and… Skype NOT for business!

In the beginning….

It may help to start by remembering that, when it was introduced, Lync was originally called the Microsoft Office Communications Server (OCS), offering companies the ability to create a closed network through which their own people could send and receive instant messages, voice, and video communication with each other using their internal data network as the transport.

(For those old enough to remember, this is not “the beginning” by any means. Some will remember back to the original incarnations of “syscon”, a prompt line command given to allow operators to communicate with the system console operator to ask questions and communicate quick messages.  This was followed by internet relay chat (IRC), sendmail and other communication applications that eventually led to the development of OCS.)

At about the same time, Skype was growing to become the largest public communications network in the world, offering instant messaging, voice and video communication, screen sharing, and more to any user who downloaded the client software and signed up for the service, for free!  For additional charge users could use the interface to make telephone calls that would connect them to the public switched telephone network (PSTN).

Microsoft Competes, and then it doesn’t

Those who follow Microsoft know that there are really very few platforms, applications, or segments upon which Microsoft does not compete, and communications would certainly not be one of them.  Microsoft Netmeeting eventually gave way to The Communicator which eventually became the client end of Microsoft Windows  Messenger and MSN Messenger on the Microsoft Network, which would eventually just be called Messenger before it finally went away completely, replaced by the other network Microsoft purchased outright, Skype!

Why would Microsoft buy Skype if they had both Lync (formerly Office Communications Server) and Messenger (formerly called so many things)?

Many believe that Microsoft was seeking a way to become the software-based substitute for the common PBX phone switches that large corporations used to control their many telephones. Voice over IP had demonstrated that much money could be saved by eliminating corporate telephone networks and the management costs attendant to them and moving all voice, video, and other communications onto the corporate data network.  Skype’s telephone interface might contain a way for Microsoft to provide that connection to the PSTN without itself becoming a regulated public utility!

So Will Skype be Public or Private?

The happy answer is “potentially both, depending upon the wishes of the network owner.”

Just as has been the case with Lync and OCS before it, including Lync Online which will now become Skype for Business Online, customers have the opportunity to control access to their private network by using a control called federation.

Simply defined, federation allows private networks to choose which external domains will and will not be allowed to communicate with users on their internal network.  As an example, when CloudStrategies partners with a new software or service provider, let’s say Microsoft, the network administrator will visit a console that contains a list of those external domains allowed to “federate” with and thereby communicate with cloudstrategies.net.  By adding “microsoft.com” to that list, users in the microsoft.com domain can now communicate via Skype with users in the cloudstrategies.net domain.

Network owners also have the option to leave federation “open” which will allow anyone from any domain to communicate with anyone in their domain.  With very few exceptions, this does seem to have the effect of negating the value of having a private network.

What May Be Even More Interesting

We recently blogged about Yammer here in the CloudStrategies Blog.  There is certainly some degree of overlap between some functions of Yammer and some functions of Skype.  How or if these will be integrated, since Microsoft owns both, will be interesting to follow, and we’ll be sure to keep you posted.

The new Skype for Business clients are rolling out to Skype for Business Online users and soon will become available to users of on-premise versions of Skype for Business Server.  To learn more about making the transition as smoothly as possible, and how to manage federation effectively, contact your CloudStrategies Advisor today!

Microsoft Lync – Becoming the Telephony Leader

Microsoft Lync – Becoming the Telephony Leader

Choices. Have you ever noticed how communicating with others is really all about making choices?

We choose what to say. We choose our words (hopefully carefully). We may include illustrations. We choose supporting gestures, even facial expressions and changes in tone of voice. We choose media, voice over telephone or computer, written words, video, shared applications or desktops, fax, texting or email and more.

While technology has never dictated our choices it has been somewhat difficult, in the past, to receive content or messaging one way and respond to it in another.  Taking content from a fax, for example, and responding in an email required scanning, retyping, or some other time-consuming manipulation to respond to in an email.

Unified Communications

Beyond all else, the vision of Unified Communications was to make it easy, in fact effortless, for people to make their own best communication choices.  Microsoft Lync is an ideal example of this vision in action.  A user receiving an instant message over Lync can choose to simply respond by typing an instant message.  If they feel the response calls for a more personal response, or requires an extensive response that might take too long to type, they can simply click to choose voice communication instead.  Should the ensuing dialogue require even more personal interaction they can then add video with just a click.  If supporting data will help resolve the issue, they can share the contents of their own screen, or any application, with just a click.

Each new medium adds more modes of communicating.  Voice adds inflection, volume, and other nuances.  Video similarly adds facial expression, virtual “eye contact” and more.  Because these modes go beyond words, they are called paralinguistic cues, and being able to add and move among these modes is what creates truly robust interactions.

Lync delivers on the promise of effortless multimodal switching!  Truly an enabler of new dimensions of more effective interpersonal communication!

Expanding the Network

As would be true of any network, if companies attempted to use only their corporate Lync network as their sole means of communication they would be cutting themselves off from the mainstream of people who don’t use Lync.  In a November 10, 2014 post on Office Blogs, the Microsoft Lync Team itself reports that “over 40 percent of our person-to-person VoIP calls had at least one person using Lync outside the Microsoft firewall (over 7.5 million of our 19 million minutes).”

To include the global community of businesses and people who use public-switched telephone as their primary communications medium, Lync integrates telephony services.  In fact, according to a Gartner study from October 2014, “Microsoft is the seventh-largest corporate telephony vendor with 5.1% of the global market in 2013 with significant annual growth of 106% in 2013. Microsoft continues its strong growth in 2014 and is being chosen by more enterprises as their strategic corporate telephony platform.”

In fact, Lync currently provides telephony services along with its other unified communication services, to customers with more than 200,000 users on their network, which clearly validates Lync’s potential as “software-only” alternative to the dated PBX systems currently in use at many corporations.  According to the Gartner study, “Microsoft continues to develop Lync as a corporate telephony solution, although organizations generally select it initially for presence, instant messaging (IM) and conferencing needs, and then evaluate it as a replacement for their legacy PBX platforms.”

Integrating Lync and Skype to Increase Market Share

Skype has become a key unified communications choice for millions of users worldwide, and since Microsoft’s acquisition of Skype in 2011 people have conjectured as to how Lync and Skype will be brought together.  The answer came in November 2014 with the announcement of Skype for Business, which brings the best of Skype and Lync due out in 2015.

The Gartner “Magic Quadrant” for telephony still shows competitors like Cisco and Avaya having greater completeness of vision.  The Gartner Magic Quadrant for Unified Communications, however, positions Microsoft as the industry leader both in completeness of vision as well as ability to execute.  Clearly, Microsoft is intent upon matching their telephony position to their UC position.  With the global telephony network incorporated into the effortless ability to choose communication modes and media within a single, consistent user interface, Lync users will enjoy unparalleled facility and flexibility.

The Importance of a Qualified Partner

Gartner cautions, “Gartner clients report challenges in providing high availability with Microsoft Lync for basic telephony. Poor call quality, dropped calls and system outages plague some implementations that did not utilize a qualified Microsoft Lync integrator.”

Trust CloudStrategies to provide the guidance, the innovation, and the quality of integration and support services required to provide a truly effective Lync operating environment.  Contact us today for more information.

Microsoft Refines Its Focus on The Cloud

In his FY 2012 annual letter to shareholders, former Microsoft CEO Steve Ballmer first identified Microsoft as being a “devices & services” company, saying “This is a significant shift, both in what we do and how we see ourselves — as a devices and services company. It impacts how we run the company, how we develop new experiences, and how we take products to market for both consumers and businesses. The work we have accomplished in the past year and the roadmap in front of us brings this to life.”

That declaration has been further refined.

The new CEO of Microsoft, Satya Nadella, recently issued an email to all of his employees in which he declared that Microsoft would be known, going forward, as the “productivity and platforms company” in our “mobile-first and cloud-first world.”  In this blog post, we’ll explore what he meant, and what it means to all of us.

Productivity & Platforms

Fundamentally, Nadella is referring to the two services that will form the foundation of the future for Microsoft:

  • When he says “productivity” he is referring to Microsoft Office 365, the complete productivity suite which gives you the familiarity and power of Office with the flexibility of the cloud. With Office in the cloud, your applications and files are with you wherever you go, whether you’re working offline at your desktop, online, or on one of your devices. Edit files at your PC or Mac. Email or share files from your tablet. Join an online meeting from your phone. What you need is accessible from anywhere, right up front, and always up to date.”
  • When he says “platform” he is referring to Microsoft Azure, the “open and flexible cloud platform that enables you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters. You can build applications using any language, tool or framework. And you can integrate your public cloud applications with your existing IT environment.”

Mobile-First

Going back just a few years, if you spoke with anyone about networks or computing you’d probably both be picturing a desktop or laptop computer with someone sitting at a desk doing productive work.

Today, you may be in your car shopping for a new appliance.  Instead of driving from Best Buy to Lowe’s and to Home Depot you more than likely take out your handheld smartphone device and open the app for each of those retail stores to compare their prices on the unit you’re interested in.  Perhaps you’re already in one of those stores when you find what you’re looking for and want to compare prices.  You simply point your smartphone at the “QR” or bar code on the shelf-sticker for the item, scan it, and instantly obtain price comparisons from the other stores.

Then you may sign on to your bank to make sure you have sufficient funds in your checking account to make the purchase.

Needing moral support, you text a friend to ask their opinion of your intended purchase.  They point out some reviews you might want to look at.  You email home asking your spouse to take a quick photo of the spot you have picked out to install this appliance in to make sure it will look right there.

The next day you’re heading into work and begin checking in via email with your team members… on the same device.  You go to work before you even get to work.

Cloud-First

As you’re heading to the office you check your inbox and receive a complaint from a client that you didn’t send the file they’ve been waiting for and they need it before the start of the working day.  Do you turn around and head home to retrieve it?  Speed up and drive recklessly to get to work sooner?

No.  You keep all your workfiles in Microsoft OneDrive, your private cloud storage service.  That cloud storage is automatically replicated on your office computer so when you work on a document it is automatically saved locally and in the OneDrive cloud.  Your home computer also replicates that OneDrive cloud storage, so the document was already there on your local drive to work on over the weekend at home.

Now, as you’re travelling, you access OneDrive using that same trusty handheld smartphone you’ve been using and email it directly to the client from where you are.  Problem solved.

Your Productivity and Your Platform

Turn to CloudStrategies to help you architect your platform for future productivity.  Much is changing not only within Microsoft but within the entire IT industry.  We’re here to help you navigate through all of it, finding those innovations that are right for you and your business.

Active Directory Federation Services: Protected Connection

Active Directory Federation Services: Protected Connection

Presence Unknown

While it may seem frustrating to see these two words when using Lync, it’s actually good news.  Active Directory Federation Services are busy at work protecting you and the person you’re trying to communicate with.

According to the Microsoft Windows Server website,”Active Directory Federation Services (AD FS) simplifies access to systems and applications using a claims-based access (CBA) authorization mechanism to maintain application security. AD FS supports Web single-sign-on (SSO) technologies that help information technology (IT) organizations collaborate across organizational boundaries.”

Using Lync again as the example, you can choose to open federation completely to all domains, or close it to all but those you specifically indicate as open.  Leaving federation completely open renders Lync to be much like Skype, a public instant messaging, voice, video, and application sharing mechanism in which anyone can contact you unless you specifically block them.

Closed federation keeps Lync private.  Until you add other domains to your list your Lync service is basically a private internal communications channel for use by others within your domain only.

“Any Any Any” Access

In addition to providing single-sign-on convenience, AD FS now provides a new Web Application Proxy which makes it easier for internal users to access corporate applications from devices which may be currently outside the corporate network, as an example when connecting through the cloud.

Also supported in multi-factor authentication and identification in which a specific code is generated that can be displayed on a token device.  This code must be given along with ID and password information to gain access to network resources.  By combining something you know, namely your ID and password, with something you have, the token that generates the code, you increase access security substantially over simple challenge/response services.

AD FS can also be used selectively to give a specific user access only to specific applications and resources.

AD FS Protects Cloud Users

By controlling access to networks and network resources selectively, AD FS gives cloud administrators extraordinary latitude in controlling access both to on-premise as well as cloud-located systems and services.  Many improvements have been added to the Windows Server 2012 version of AD FS including improved installation, additional Powershell cmdlet tools, as well as enhanced access from personal devices, improved support for the development of modern applications, and new risk management tools.

How to Move from Bricks to Clicks

To Cloud or Not to Cloud – How to Move from Bricks to Clicks

To Cloud or Not to Cloud

How to Move from Bricks to Clicks

 

Cloud computing strategies deliver higher IT service levels at lower cost by reducing many expenses. Deployed effectively, they can actually ELIMINATE many expenses, including office rental and all of the operating expenses related to maintaining office locations. Here and in this month’s CloudStrategies Webinar you’ll learn more about how your company can enjoy these savings.

Former Novell chairman Robert Frankenberg has often been credited with being the first to say that “Work is an activity, not a destination.” Certainly, especially these days, everyone is finding that to be true.

The Beautiful Balance Sheet

Imagine running a business with almost no physical plant costs. No rent or leasehold expense. No big electric bill or phone bill, no heating or cooling costs, no premises security or maintenance. Imagine the impact to your balance sheet!

More of the One Resource Nobody Gets More Of

Many people like to say that “Time is the enemy.” Everybody wants more but we all get exactly the same amount. That’s true, but it becomes a question of how well you use what you have. Companies whose people work from home gain hours of productive time each day that would otherwise be spent commuting to and from an office or other work location.

Do What Major Corporations Do

Many major corporations are sending their people home to work. Supplied with business cards bearing their own home address, dedicated phone and fax numbers, and equipped with a personal computer, all-in-one printer/fax/scanner and perhaps a phone these workers have moved from “bricks to clicks” almost effortlessly.

They rise to work each morning and their commute takes a few seconds as they go from bedroom to office space. There, they sit down with all the communications and productivity capability they could possibly want. Many don a headset that can connect via Bluetooth to their computer, their mobile device, and their phone so their hands are always free to work on the keyboard and mouse.

How do you start to put this all together for YOUR company?

Start with Microsoft Office 365!Microsoft Office -365 Logo

Microsoft designed Office 365 to offer everything remote workers needed to be productive from anywhere.

Office 2010 Professional -Write and edit the documents you need to produce with Word, the foremost choice of word processors. Build the spreadsheets that guide your business in Excel, the presentations to convey all of this to others using PowerPoint. Microsoft Office 2010 Professional is a key component of Microsoft Office 365

Microsoft Exchange & Outlook deliver the most popular email messaging and personal information management platform in the world. Share calendars, contacts, tasks, notes, and other information with all of your colleagues wherever they may be.

Microsoft Lync -Lync REDEFINES communication. Share instant messages for quick notes, questions, or comments with your colleagues, clients, suppliers and other associates. Speak with them, see them on video, even share each others’ computer screens to collaborate on projects. Best of all, you can gather in large groups to hold meetings or just say hello. Whoever is speaking is displayed on the video and anybody can share just about anything.

Microsoft SharePoint enables powerful collaboration and sharing of information in one convenient place that everyone in the organization can securely and readily access.

Windows Intune LogoAdd Windows Intune to manage everything and you have greater efficiency and superior productivity with no physical “home base” to worry about or pay for!

The experts at CloudStrategies can help you select client devices, communication accessories, and select the right services to drive your completely cloud-based office.  Call today to learn more.

How can we help? CloudStrategies Discover, Adopt, and Manage Great Cloud Solutions
Drop us a note on what type of Cloud Solution that you're interested in learning more about...