Software News

New DUO Operation System Requirements

DUO is the two-factor security authentication that the University of Alabama requires students and faculty to use in order to access myBama accounts. DUO now has new operation system requirements that students and faculty need review for their devices.  

iOS

The current version of DUO Mobile supports iOS 15.0 and greater, but we cannot guarantee DUO Mobile’s functionality on preview/beta software provided by Apple. DUO recommends upgrading to the most recent version of iOS available for your device. The DUO Mobile app in compatible with the M1 iPad Pro.

iOS 14 and older

Users running versions 14 and older will not be able to download the latest version of Duo Mobile from the App Store. This removal from the App Store does not affect mobile app authentications for users who have already downloaded the app.

Additionally, we no longer provide troubleshooting support, bug fixes, maintenance fixes, or security updates for mobile devices running version 14 and older.

This end-of-support milestone is not an end-of-life for our application on devices with this operating system (or older operating systems that are no longer supported); push and app-generated passcode authentications will continue to function on installed apps. While authentications will continue to function, we always recommend users run the latest version of Duo Mobile on a supported operating system to maintain a strong security posture and get access to the latest features and improvements.

Android

The current version of Duo Mobile supports Android 11.0 and greater and Android Go 11.0 and greater. Duo recommends upgrading to the most recent version of Android available for your device. We cannot ensure the compatibility of Duo Mobile with custom variants or distributions of Android. Duo Mobile is not supported for use on ChromeOS or Huawei. Duo does not provide official support for non-standard custom Android distributions like OnePlus, LineageOS, or ColorOS.

February 8, 2024 was the last date of support or Duo Mobile on Android 10. Effective February 8, 2024, Android 11 is the minimum supported version for Duo Mobile. This only applies to the Duo Mobile app support. 
Please note: This article does not apply to the operating systems policy determination for out-of-date Android version, which already has Android 11 marked as EOL: Duo Administration – Policy & Control: Android Version Information

Android 10 and older

Users on Android versions 10 and older will not be able to download the latest version of Duo Mobile from the Play Store. This removal from the Play Store will not affect mobile app authentications for users who have already downloaded the app.

Additionally, we no longer provide troubleshooting support, bug fixes, maintenance fixes, or security updates for mobile devices running versions 9 and older.

This end-of-support milestone is not an end-of-life for our application on devices with this operating system (or older operating systems that are no longer supported); push and app-generated passcode authentications will continue to function on installed apps. While authentications will continue to function, we always recommend users run the latest version of Duo Mobile on a supported operating system to maintain a strong security posture and get access to the latest features and improvements.

If your phone cannot run these OS please contact the OIT help desk for other alternatives.

Mobile Application Management Deploying to UA Staff

OIT will deploy security enhancements to protect UA data on Microsoft mobile device applications starting September 3. 

OIT will use Mobile Application Management (MAM) to protect UA data in University email addresses connected to Microsoft applications on mobile devices. 

Security enhancements include: 

  • User authentication via PIN or biometric data, such as fingerprint or facial recognition, will be required to open Microsoft mobile apps connected to UA email accounts. 
  • If a mobile device is lost or stolen, OIT can remove UA user data remotely. If data is removed, it will still be accessible from other devices and can quickly be restored to the original or new mobile device by logging into the apps again. 
  • Restrictions will be placed on how UA users can store UA data on personal mobile devices. For example, users won’t be able to backup data to a personal account (i.e., iCloud). 

These MAM security enhancements do not apply to any personal accounts in Microsoft mobile applications. OIT cannot see nor track any personal information or data outside of the UA user’s Microsoft account. 

How to Setup 

The setup process differs for iOS and Android devices.  

For both device types, upon opening a Microsoft mobile app for the first time after September 3, you will see a notification prompt that says, “Your IT Administrator is now helping you protect work or school data in this app.” 

iOS Users

 iOS users will be prompted to create a PIN within Microsoft apps connected to your UA email. After that, each time you open the app, you will be prompted to enter the PIN or use a biometric login, such as facial recognition or fingerprint in order to launch the app. 

Android Users

Android apps do not have a management layer that is needed for UA to put restrictions on UA data storage, etc. Because of this, you will be prompted to download the Intune Company Portal app. Once the app is downloaded and you have logged into it using your myBama credentials, you will be prompted to create a PIN. After that, each time you open a Microsoft app such as Outlook, you will be prompted to enter the PIN or use a biometric login, such as facial recognition or fingerprint, in order to launch the app.  

Note: When installing the Intune Company Portal app, your Android device will prompt you to grant or deny certain permissions for the app. The permission prompts, which are generic and the same for all Google apps, don’t necessarily reflect what the app will actually do. All permissions can be denied and the app will still work as intended to protect UA data. For details on what each of these permissions mean, see the FAQ on OIT’s mobile application management web page. 

For FAQs and more information on these security measures, visit OIT’s mobile application management web page.

Eduroam Certificate Expiring

The current Eduroam certificate expires on Thursday, May 2, and must be replaced. Historically, most devices deal with the certificate replacement fairly smoothly, but some devices will prompt the user to accept/trust the new certificate. If your computer prompts you to accept a new Eduroam certificate on Thursday regarding Eduroam, please accept/trust the new certification to continue an uninterrupted Wi-Fi experience.

Important Notice: Phasing out LDAP for Azure Authentication

The Office of Information Technology is phasing out the use of Lightweight Directory Access Protocol (LDAP) for authentication purposes by the end of 2024. Instead, we are transitioning to more secure and efficient solutions provided by Microsoft, specifically Azure Authentication and Microsoft Entra ID (formerly Azure AD).

What does this mean for you? If you manage a departmental application and that application currently uses LDAP for authentication, please note that it will soon be deprecated. As such, we kindly ask all application owners and support teams to begin the migration process to Azure Authentication or Microsoft Entra ID as soon as possible.

While OIT will handle the migration of authentication systems at the infrastructure level, the responsibility of migrating individual applications to the new authentication protocols will fall upon the respective application owners and support teams. We understand that this may require some effort and coordination, and we are here to assist you throughout the transition process.

If you have any questions or require assistance with the migration process, please email the Office of Information Technology’s identity mailbox – iam@ua.edu and someone will reach out to you with assistance.

IT Service Desk’s Enhanced Identification Verification Process

In our ongoing commitment to maintaining the security and confidentiality of sensitive information, the IT Service Desk is implementing an enhanced identification verification process. Effective immediately, we will be utilizing IDVerse, a trusted digital identification company, to verify the identities of individuals requesting access to sensitive information or services.

Once the service desk determines they need to verify your identity, you should receive an SMS message from IDVerse. Here’s how the new process works:

Step 1: Take a photo of a government-issued ID. We can verify 16,000+ ID documents in over 220+ countries & principalities and process 142 languages & typesets.

Step 2: Take a video selfie. Smile! Low light and poor phone camera quality? No problem. The software can handle extreme conditions. It’s also trained to recognize users of every skin tone, so you can recognize more of the people you want to let in.

Step 3: Authentication. With AI-based document processing, liveness detection, and data verification, the entire process is fully automated and takes just moments to complete—while delivering superior reliability.

We understand that security measures may sometimes seem cumbersome, but they are essential in today’s digital landscape. The steps are very easy to follow, and you will be guided through the process on your phone as it takes place.

Thank you for your attention to this matter. If you have any questions or concerns regarding the new identification verification process, please don’t hesitate to contact the IT Service Desk for assistance.

Stay Sharp While Using AI 

As AI grows in popularity, staying aware of potential risks and challenges associated with these powerful technologies is essential. 

AI undoubtedly provides significant value to daily tasks and research, but it is crucial to exercise caution and diligence when leveraging AI products. The data input into these tools is often used to train future AI models. The saved data poses a risk of accidental release to external parties querying the same tool you are using or simply as a third-party breach risk. Some tools have lenient privacy or security policies that do not sufficiently protect The University’s data or users’ privacy. 

OIT would like to emphasize a few key considerations when using AI tools: 

Consult OIT for Guidance: 

  • In situations of uncertainty or when navigating the complexities of AI integration, please contact the Office of Information Technology (OIT) for guidance by emailing us at itsd@ua.edu. 

Exercise Caution with Your or Someone Else’s Personal Information 

  • Sensitive information should never be entered into AI tools. Examples include your email, CWID, Social Security Number, or medical records. 

Secure Evaluation of Communication Tools 

  • In the case of AI meeting, email, or calendar management tools, use test accounts that lack access to sensitive or restricted information. Third-party tools may utilize meeting recordings or other participant data to train their models or for other purposes, which is why it is important to limit these tools’ access to UA data. 
  • Avoid having meetings where confidential matters are discussed until the tool’s security and privacy features have been thoroughly vetted. 
  • Do not link AI tools to your work email account unless The University has a contract with and is providing that tool. This is crucial to prevent potential breaches of FERPA, HIPAA, and other regulatory requirements. 

Prioritize Software Solutions on OIT’s Website 

  • Before using AI tools online, ensure that The University does not already have a similar solution at oit.ua.edu/software. 

By sticking to these guidelines, we can proactively avoid or minimize risks associated with AI and keep The University of Alabama safe from cyber attacks or data breaches. Faculty should also consult the guidelines provided by Academic Affairs as a resource. As we collectively strive to leverage the benefits of AI, we must prioritize the security and privacy of our data. 

Notice: Important Information Regarding MacOS Sonoma

The Office of Information Technology (OIT) would like to inform all Mac users within our university community about an important matter concerning the latest operating system, MacOS Sonoma.

We strongly advise against upgrading to Mac OS Sonoma at this time. Preliminary testing has revealed that this update may remove certain Adobe products, and there could be potential impacts on other essential items. To ensure a seamless transition and to address any compatibility issues, we kindly request that you refrain from downloading and installing Mac OS Sonoma until OIT has concluded its thorough testing process.

For updates and further information, please monitor the OIT website. If you have any immediate concerns or questions, feel free to reach out to the OIT Help Desk.

Thank you for your cooperation.

OIT Partners with Keeper Security for Student Account Needs

To enhance the digital security of its student community, the Office of Information Technology is partnering with Keeper Security, an industry leader in password management and data protection. As part of this collaboration, OIT will be offering Keeper’s Unlimited plan for free to all students. This initiative reaffirms OIT’s commitment to safeguarding the online identities and sensitive information of its students while equipping them with essential tools for navigating the digital landscape securely.

About Keeper Unlimited

Keeper Unlimited is a state-of-the-art password management solution designed to empower individuals with robust security in the digital age. With Keeper Unlimited, students at The University of Alabama can safely store, manage, and generate complex passwords for their various online accounts and services. This software is secured with advanced encryption and a zero-knowledge security architecture, ensuring that each student’s data remains fully confidential and only accessible to them. Moreover, Keeper Unlimited boasts user-friendly features like biometric login, secure note storage, two-factor authentication, and secure sharing, making it a comprehensive solution for students to protect their online presence.

The Office of Information Technology is excited to extend this resource to its student body. For instructions on how to activate your Keeper Unlimited account, please visit the Keeper software page on our website.

Known Issue: “New Teams” with teams voice dialing

Please be advised that there is a known issue with Teams Dialing phone integration with the “New Teams” version where calls to external numbers connect but have no audio. Individuals who are part of the Teams voice dialing (using Teams as a softphone client for their 348 phone number) should use the classic version of Teams and not enable the “New Teams” at this time. A ticket is open with Microsoft on this issue.