Microsoft is rolling out two-factor authentication for Windows Azure Active Directory (WAAD), called Windows Azure Active Authentication: http://www.windowsazure.com/en-us/services/identity/

I wanted to give this a test drive; here is my experience with the new Active Authentication.

Setup

Microsoft published a TechNet Article about configuring WAAD for Active Authentication, http://technet.microsoft.com/library/dn249466.aspx

From the Article:

Creating an Active Authentication Provider

  • Log on to the Windows Azure Portal as an Administrator.
  • On the left, select Active Directory.
  • On the Active Directory page, at the top, select Active Authentication Providers. Then at the bottom, click New.
  • Under App Services, select Active Auth Providers, and select Quick Create.
  • Fill in the following fields and select Create.
    • Name – The name of the Active Auth Provider.
    • Usage Model – The usage model of the Active Authentication Provider.
      • Per Authentication – purchasing model that charges per authentication. Typically used for scenarios that use the Windows Azure Active Authentication in an application.
      • Per Enabled User – purchasing model that charges per enabled user. Typically used for scenarios such as Office 365.

      For additional information on usage models, see Windows Azure pricing details.

    • Directory – The Windows Azure Active Directory tenant that the Active Authentication Provider is associated with.
  • Once you click create, the Active Authentication Provider will be created and you should see a message stating: Successfully created Active Authentication Provider. Click Ok.

Here are the settings I configured:

And here is the newly created Active Auth Provider:

Enabling a user for Active Authentication, http://technet.microsoft.com/en-us/library/dn296530.aspx

From the Article:

 

  • Depending on which portal you are using, do one of the following:
    • If you are using the Windows Azure Management Portal, click Active Directory, and then click Directory. Next, click on your Windows Azure AD tenant. On the Users page, click the user you want to enable, and then under role, select the Require Multi-factor Authentication check box.
    • If you are using the Windows Azure AD Preview Portal, in the left pane, click users and groups, next to multi-factor authentication, click Manage. On the Multi-factor authentication page, select the check box or boxes next to the account(s) that you want to activate, and then click Enable. In the Enable multi-factor authentication? pop-up, click Yes.

Here are the results:

 

Going to Portal.Office365.com I enter the username and password and click sign in:

Notice the new message:

And the need to set up for additional security verification:

Here is the link to information about the authentication options, http://technet.microsoft.com/library/en-us/jj863118

I first tried to set up using the Active Auth Windows Phone 8 App:

I was able to get my Phone App to scan the code and give me a verification code:

 

But when I hit this screen, it just kept spinning and then eventually stated that the activation verification failed. I need to look more into this and will follow up with a blog post.

UPDATE: Working with Microsoft, they seem to believe that the error with the Windows App is caused by DirSync. They are working on a fix; will update with a new blog post once it is available.

So to get things going, I switched to using Mobile Phone:

Once I clicked Save, I had to verify the mobile phone; they sent me a code via SMS, which I entered below:

Once verified, everything was ready.

Back on the login page, I was sent another code via SMS to log in:

And that was it, I was into my Office 365 Portal!

As stated, I am going to figure out why the Active Auth app method would not verify and will blog when I get it working!