|
Size: 4388
Comment:
|
Size: 6278
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
| == So...what's going on? == The University has decided that the current method of logging into Office365 using only your Active Directory (AD) username and password is no longer secure enough. As such they will be implementing new security requirements for e-mail clients (ie: the e-mail program installed on your computer/tablet/smartphone) that will go into effect on '''March 1, 2022'''. |
== What's going on? == The University has decided that the current method of logging into Office365 using a basic username/password is no longer secure enough. As such they will be implementing new security requirements for e-mail clients (ie: the e-mail program installed on your computer/tablet/smartphone) that will go into effect starting '''March 1, 2022'''. |
| Line 6: | Line 6: |
| All e-mail clients will be required to support both an O365-specific protocol for logging in called "OAUth2" and also must have '''built-in''' support for Duo 2-factor authentication. Not all e-mail clients support these. | Two changes: 1. The use of Duo will be '''mandatory''' when your computer/device is '''not''' connected to a UR network and you're trying to connect to O365 using the mail client installed on that computer/device. To clarify, the use of Duo is '''not''' required if: * you're physically plugged into the UR network in your office/lab via Ethernet * you're on a non-guest UR wireless network * you're remotely connected to the UR network via VPN In all other cases you '''must''' use Duo, and more importantly '''your mail client must have built-in support for Duo.''' 2) All e-mail clients will be required to use an O365-specific protocol for logging in called OAuth2 (which University IT refers to as "modern auth"). |
| Line 13: | Line 25: |
| The combination of the security changes being implemented by University IT and the service changes being implemented by Microsoft will require '''all''' of us to make changes in the near future to how we interact with Office365 to ensure continued compatibility with Office365 over the years to come. | == So...what does this all mean? == I'm not going to lie...the combination of the security changes being implemented by University IT and the service changes being implemented by Microsoft are going to cause a lot of upheaval for several of us. Some users will need to switch to a different mail client entirely, others will need to reconfigure the one they're already using. Since there are so many ways for us to use e-mail, everybody's "solution" to this problem will be a little different. In my mind the best course of action is for all of us to implement all three changes at one time to minimize the impact on our workflows. Decide which "supported" mail client you want to use and configure it to use Duo/OAuth2/Exchange format...this puts you in the right position to continue using O365 in the future. |
| Line 22: | Line 37: |
| '''Linux''': Mozilla Thunderbird (with a PAID add-on called "OWL" that adds the needed OAuth2 support) | '''Linux''': Mozilla Thunderbird (with a PAID add-on called "OWL" that adds the needed "Exchange format" support) |
| Line 28: | Line 43: |
| All of these mail clients support OAuth2, the use of Duo, and can be configured for "Exchange format". | All of these mail clients support OAuth2, have built-in support for Duo, and can configure user accounts for "Exchange format". Note that the use of the OWL plug-in with Thunderbird may not be a long-term solution...OWL relies on some Microsoft technologies that the company considers obsolete and the company could terminate them at some point in the future. |
| Line 33: | Line 48: |
| As far as I know none of these changes will have any affect on the OWA webmail interface. These changes are limited to mail clients installed on your computing devices. | None of these changes will have any affect on the OWA webmail interface found at [[https://owa.ur.rochester.edu|http://owa.ur.rochester.edu]]. These changes are limited to mail clients that are locally installed on your computing devices. Note: Do '''not''' try to use the encrypted address "http'''s'''://owa.ur.rochester.edu" for accessing OWA...it doesn't work. Only the non-encrypted http version of the address works. |
| Line 36: | Line 53: |
| Already being a user of one of the "supported" e-mail clients is a big plus, but it doesn't automatically mean you won't have to reconfigure your mail client(s) to make them compliant with the new security restrictions. University IT will be releasing detailed instructions soon for (re)configuring mail clients...a link to those will be added to this wiki when they're made available. | Already being a user of one of the "supported" e-mail clients is a big plus, but it doesn't automatically mean you won't have to reconfigure your mail client(s) to make them compliant with the new security restrictions. University IT has released documentation describing how to install/modify various mail clients to enable the new requirements...that documentation is here: https://tech.rochester.edu/tutorials/configuring-email-with-duo/ |
| Line 39: | Line 58: |
| The first thing you need to do is '''NOT PANIC! :) '''While e-mail can be a pretty complicated it's not an insurmountable problem and you have resources (including myself and University IT) to help you with this. | The first thing you need to do is '''NOT PANIC! :) '''While e-mail can get really complicated it's not an insurmountable problem and you have resources (including myself and University IT) to help you with this. Always remember that the webmail client for O365 is available in a pinch if your mail client(s) aren't functioning correctly: |
| Line 41: | Line 60: |
| My first suggestion is for you to make sure the Duo account associated with your River Campus AD account (called "UR Active Directory" in Duo) is enabled. The Duo account used for making VPN connections to the university (called "University IT NetID" in Duo) is NOT the correct version of Duo for O365. Here's a link for enabling the AD-version of Duo on your smartphone or tablet (the process requires you to be connected to the UR network): | [[https://owa.ur.rochester.edu|http://owa.ur.rochester.edu]] My first suggestion is for you to make sure the Duo account associated with your River Campus AD account (called "UR Active Directory" in Duo) is enabled. The Duo account used for making VPN connections to the university (called "University IT NetID" in Duo) is '''not''' the correct version of Duo for O365. Here's a link for enabling the AD-version of Duo on your smartphone or tablet (the process requires you to be connected to the UR network): |
| Line 45: | Line 66: |
| The next thing I suggest you do is perhaps take inventory of how you currently interact with O365 (ie: what mail clients you currently use and what devices you use them on) and use this as an opportunity to make some beneficial changes. Perhaps standardizing on the same mail client for all of your devices, or even changing which devices you do and don't use with O365 will simply your life and improve your workflow. | The next thing I suggest you do is perhaps take inventory of how you currently interact with O365 (ie: what mail clients you currently use and what devices you use them on) and use this as an opportunity to possibly make some beneficial changes. Perhaps standardizing on the same mail client for all of your devices, or even changing which devices you do and don't use with O365 will improve your workflow. |
| Line 47: | Line 68: |
| Once you have an idea of how you'd like to move forward, you'll want to consult the documentation provided by University IT regarding how to implement whatever changes you feel are appropriate. Feel free to reach out to me if you have any questions or concerns. | Once you have an idea of how you'd like to move forward, you'll want to consult the documentation provided by University IT regarding how to (re)configure the various supported mail clients. Again, the link to that page is: https://tech.rochester.edu/tutorials/configuring-email-with-duo/ As always, feel free to reach out to me if you have any questions or concerns. |
Upcoming changes to Office365
What's going on?
The University has decided that the current method of logging into Office365 using a basic username/password is no longer secure enough. As such they will be implementing new security requirements for e-mail clients (ie: the e-mail program installed on your computer/tablet/smartphone) that will go into effect starting March 1, 2022.
What changes are University IT implementing?
Two changes:
The use of Duo will be mandatory when your computer/device is not connected to a UR network and you're trying to connect to O365 using the mail client installed on that computer/device.
To clarify, the use of Duo is not required if:
- you're physically plugged into the UR network in your office/lab via Ethernet
- you're on a non-guest UR wireless network
- you're remotely connected to the UR network via VPN
In all other cases you must use Duo, and more importantly your mail client must have built-in support for Duo.
2) All e-mail clients will be required to use an O365-specific protocol for logging in called OAuth2 (which University IT refers to as "modern auth").
Is that all?
Unfortunately, no.
I've also been informed that on October 1, 2022 Microsoft will stop supporting the use of the industry-standard e-mail protocols for checking/sending e-mail (ie: IMAP, POP, and SMTP) and will only support the use of Microsoft-specific protocols (commonly referred to as "Exchange format") with Office365. This will also render some mail clients wholly incompatible with Office365.
So...what does this all mean?
I'm not going to lie...the combination of the security changes being implemented by University IT and the service changes being implemented by Microsoft are going to cause a lot of upheaval for several of us. Some users will need to switch to a different mail client entirely, others will need to reconfigure the one they're already using. Since there are so many ways for us to use e-mail, everybody's "solution" to this problem will be a little different.
In my mind the best course of action is for all of us to implement all three changes at one time to minimize the impact on our workflows. Decide which "supported" mail client you want to use and configure it to use Duo/OAuth2/Exchange format...this puts you in the right position to continue using O365 in the future.
Is my current e-mail client compatible with these new requirements?
Per University IT, the e-mail clients that they will officially support are as follows:
Microsoft Windows: Microsoft Outlook
Macintosh computers: Apple Mail or Microsoft Outlook
Linux: Mozilla Thunderbird (with a PAID add-on called "OWL" that adds the needed "Exchange format" support)
Apple iDevices: Apple Mail or Microsoft Outlook
Android devices: Microsoft Outlook
All of these mail clients support OAuth2, have built-in support for Duo, and can configure user accounts for "Exchange format". Note that the use of the OWL plug-in with Thunderbird may not be a long-term solution...OWL relies on some Microsoft technologies that the company considers obsolete and the company could terminate them at some point in the future.
This does NOT mean that other mail clients won't work (for example, Thunderbird on a Mac or the Evolution mail client for Linux can both be made to work), but the clients listed above are what they will be officially supporting.
What about the webmail system (OWA)?
None of these changes will have any affect on the OWA webmail interface found at http://owa.ur.rochester.edu. These changes are limited to mail clients that are locally installed on your computing devices.
Note: Do not try to use the encrypted address "https://owa.ur.rochester.edu" for accessing OWA...it doesn't work. Only the non-encrypted http version of the address works.
What if I'm already using one of the mail clients listed above?
Already being a user of one of the "supported" e-mail clients is a big plus, but it doesn't automatically mean you won't have to reconfigure your mail client(s) to make them compliant with the new security restrictions. University IT has released documentation describing how to install/modify various mail clients to enable the new requirements...that documentation is here:
https://tech.rochester.edu/tutorials/configuring-email-with-duo/
So...what do I need to do?
The first thing you need to do is NOT PANIC! 
While e-mail can get really complicated it's not an insurmountable problem and you have resources (including myself and University IT) to help you with this. Always remember that the webmail client for O365 is available in a pinch if your mail client(s) aren't functioning correctly:
My first suggestion is for you to make sure the Duo account associated with your River Campus AD account (called "UR Active Directory" in Duo) is enabled. The Duo account used for making VPN connections to the university (called "University IT NetID" in Duo) is not the correct version of Duo for O365. Here's a link for enabling the AD-version of Duo on your smartphone or tablet (the process requires you to be connected to the UR network):
https://tech.rochester.edu/enroll-in-duo/
The next thing I suggest you do is perhaps take inventory of how you currently interact with O365 (ie: what mail clients you currently use and what devices you use them on) and use this as an opportunity to possibly make some beneficial changes. Perhaps standardizing on the same mail client for all of your devices, or even changing which devices you do and don't use with O365 will improve your workflow.
Once you have an idea of how you'd like to move forward, you'll want to consult the documentation provided by University IT regarding how to (re)configure the various supported mail clients. Again, the link to that page is:
https://tech.rochester.edu/tutorials/configuring-email-with-duo/
As always, feel free to reach out to me if you have any questions or concerns.