U rolling out 2FA for UMail, O365 for campus employees
The University of Utah will soon roll out the second phase of its security upgrades, which will require two-factor authentication (2FA) for UMail and all Microsoft Office 365 applications.
Starting September 15, 2020, all University of Utah faculty, staff, and affiliates must use 2FA to access their UMail and all O365 apps, including Skype for Business and Microsoft Teams, through desktop clients or mobile devices. Students are not required to use 2FA unless they are also campus employees with access to sensitive or restricted university data. The U’s current 2FA solution is Duo Security, or Duo 2FA.
Definitions
Phishing is when an attacker attempts to acquire your password by impersonating a trusted and/or known source or organization, in the hopes of tricking you into accidentally providing your password, potentially leading to the attacker gaining unauthorized access to your email account, information, and other resources protected by the same password.
Two-factor authentication (2FA) is a security measure that asks users to present two credentials (e.g., your password and a phone with an authentication app) when logging in to an account. 2FA makes it far more difficult for attackers to access an account or information if they somehow gain access to a user’s password.
Resources
- Knowledge Base article: UMail and Office 365 apps security upgrade
- Knowledge Base article: Duo two-factor authentication (2FA) overview
- The Information Security Office website
University of Utah Health personnel and U employees with access to sensitive or restricted university data were part of the phase 1 rollout on July 15, 2020, when UIT teams implemented Microsoft modern authentication to enable the new security enhancements.
Most users do not need to do anything to prepare for the September 15 change.
Those still using legacy IMAP/POP protocols, however, will lose access to UMail unless they reconfigure their computers and/or mobile devices for modern authentication or receive an exemption. UMail Outlook Web Access (www.umail.utah.edu) will continue to be available via web browsers on mobile devices and computers.
Additionally, UIT will block devices from accessing UMail over NTLM, an integrated Windows authentication method. The U’s Information Security Office identified NTLM as a common attack tool employed by bad actors to circumvent 2FA. Users experiencing service interruptions should use OWA.
To learn more about modern authentication, including the minimum requirements and instructions for reconnecting your devices, please access this IT Knowledge Base article.
To request an exemption, users should complete and submit the UMail Exempt form (authentication required) — “the sooner the better,” Unified Communications Director Mike Ekstrom said, noting that exemptions must be approved by the manager, the ISO, and a cognizant dean or vice president before they're activated.
Users should only request an exemption if they have unusual work- or course-related reasons for which 2FA for UMail and all O365 apps would be untenable. Anyone with access to sensitive and restricted data, such as protected health information (PHI), is not eligible for an exception.
“The spirit of these exceptions is not to be permanent but to be an opportunity for people to continue to function while they find more secure alternatives and bring their solutions up to date,” Ekstrom said.
The security upgrades aim to help prevent unauthorized access to university email and resource accounts as a result of phishing schemes.
And they’re working.
“Since the implementation of phase 1 security upgrades, the university has not experienced any phishing incidents related to protected email accounts,” Enterprise Security Associate Director Jake Johansen said.
He added that he expects phase two will reduce risks related to phishing incidents even more, as the university expands the protections to cover more UMail and O365 users.
“This is all to protect our students, staff, and patients,” Ekstrom said. “This is all to make their ability to work and function more secure.”
Need IT support?
If you have questions or need technical assistance, your local IT support staff may be able to assist, or you may contact your respective central help desk:
- UIT Help Desk: Call 801-581-4000, option 1, or submit a ticket to helpdesk@utah.edu
- ITS Service Desk: Call 801-587-6000 or submit a ticket to ServiceDesk@hsc.utah.edu