myBama will be unavailable Saturday, August 10 from 7:00 a.m. until 8:00 a.m. for minor upgrades. A myBama maintenance page will be available with links to essential services during the maintenance timeframe, and all services will be restored upon completion of the upgrades. If you have any questions or concerns, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.
On July 19, 2024, at 4:09 UTC, The University of Alabama’s Office of Information Technology (OIT) faced a significant challenge when a defective Crowdstrike update caused a widespread disruption across campus systems. Crowdstrike, an industry-leading platform used by UA to protect servers from cyber threats, had released a Rapid Response Content update for Windows systems, which inadvertently caused many machines to crash and enter an endless reboot loop.
OIT personnel were alerted to server outages around midnight and swiftly mobilized a cross-functional team to investigate. Working through the early hours, OIT employees from the systems and security teams collaborated with Crowdstrike support and conducted independent research to find a solution. By 4:00 a.m., most systems had been restored, and the team continued to work with various campus units to resolve the remaining issues by 10:00 a.m.
While OIT Security had previously set Crowdstrike to defer sensor updates for critical systems, this setting applied only to major sensor version updates, not to the nightly content updates responsible for this incident. Following this event, Crowdstrike has introduced new controls, allowing customers to defer content updates. UA has now adopted a staggered deployment strategy: updates are rolled out first to test systems, then to non-critical production systems, and finally to critical systems.
In response to this incident, Crowdstrike has implemented a series of improvements, including:
The proactive measures taken by both OIT and Crowdstrike underscore a commitment to security, ensuring that UA’s critical systems are better protected from future risks.
DUO is the two-factor security authentication that the University of Alabama requires students and faculty to use in order to access myBama accounts. DUO now has new operation system requirements that students and faculty need review for their devices.
iOS
The current version of DUO Mobile supports iOS 15.0 and greater, but we cannot guarantee DUO Mobile’s functionality on preview/beta software provided by Apple. DUO recommends upgrading to the most recent version of iOS available for your device. The DUO Mobile app in compatible with the M1 iPad Pro.
iOS 14 and older
Users running versions 14 and older will not be able to download the latest version of Duo Mobile from the App Store. This removal from the App Store does not affect mobile app authentications for users who have already downloaded the app.
Additionally, we no longer provide troubleshooting support, bug fixes, maintenance fixes, or security updates for mobile devices running version 14 and older.
This end-of-support milestone is not an end-of-life for our application on devices with this operating system (or older operating systems that are no longer supported); push and app-generated passcode authentications will continue to function on installed apps. While authentications will continue to function, we always recommend users run the latest version of Duo Mobile on a supported operating system to maintain a strong security posture and get access to the latest features and improvements.
Android
The current version of Duo Mobile supports Android 11.0 and greater and Android Go 11.0 and greater. Duo recommends upgrading to the most recent version of Android available for your device. We cannot ensure the compatibility of Duo Mobile with custom variants or distributions of Android. Duo Mobile is not supported for use on ChromeOS or Huawei. Duo does not provide official support for non-standard custom Android distributions like OnePlus, LineageOS, or ColorOS.
February 8, 2024 was the last date of support or Duo Mobile on Android 10. Effective February 8, 2024, Android 11 is the minimum supported version for Duo Mobile. This only applies to the Duo Mobile app support.
Please note: This article does not apply to the operating systems policy determination for out-of-date Android version, which already has Android 11 marked as EOL: Duo Administration – Policy & Control: Android Version Information
Android 10 and older
Users on Android versions 10 and older will not be able to download the latest version of Duo Mobile from the Play Store. This removal from the Play Store will not affect mobile app authentications for users who have already downloaded the app.
Additionally, we no longer provide troubleshooting support, bug fixes, maintenance fixes, or security updates for mobile devices running versions 9 and older.
This end-of-support milestone is not an end-of-life for our application on devices with this operating system (or older operating systems that are no longer supported); push and app-generated passcode authentications will continue to function on installed apps. While authentications will continue to function, we always recommend users run the latest version of Duo Mobile on a supported operating system to maintain a strong security posture and get access to the latest features and improvements.
If your phone cannot run these OS please contact the OIT help desk for other alternatives.
A global CrowdStrike outage early Friday morning is affecting the University of Alabama network. The current known impact is network connectivity in some areas of campus and OnBase management platform. A security incident or cyberattack did not cause this outage.
CrowdStrike’s cybersecurity software detects and blocks hacking threats. Like other cybersecurity products, it requires deep-level access to a computer’s operating system to scan for threats. In this case, computers running Microsoft Windows appear to have crashed because of a software code update issued by CrowdStrike interacting with the Windows system.
If you believe a UA-managed system you use is having issues, please submit a report to the IT Service Desk at ITSD@ua.edu or 205-348-5555. Updates will be provided on the OIT Service Status webpage.
OIT will deploy security enhancements to protect UA data on Microsoft mobile device applications starting September 3.
OIT will use Mobile Application Management (MAM) to protect UA data in University email addresses connected to Microsoft applications on mobile devices.
Security enhancements include:
These MAM security enhancements do not apply to any personal accounts in Microsoft mobile applications. OIT cannot see nor track any personal information or data outside of the UA user’s Microsoft account.
The setup process differs for iOS and Android devices.
For both device types, upon opening a Microsoft mobile app for the first time after September 3, you will see a notification prompt that says, “Your IT Administrator is now helping you protect work or school data in this app.”
iOS users will be prompted to create a PIN within Microsoft apps connected to your UA email. After that, each time you open the app, you will be prompted to enter the PIN or use a biometric login, such as facial recognition or fingerprint in order to launch the app.
Android apps do not have a management layer that is needed for UA to put restrictions on UA data storage, etc. Because of this, you will be prompted to download the Intune Company Portal app. Once the app is downloaded and you have logged into it using your myBama credentials, you will be prompted to create a PIN. After that, each time you open a Microsoft app such as Outlook, you will be prompted to enter the PIN or use a biometric login, such as facial recognition or fingerprint, in order to launch the app.
Note: When installing the Intune Company Portal app, your Android device will prompt you to grant or deny certain permissions for the app. The permission prompts, which are generic and the same for all Google apps, don’t necessarily reflect what the app will actually do. All permissions can be denied and the app will still work as intended to protect UA data. For details on what each of these permissions mean, see the FAQ on OIT’s mobile application management web page.
For FAQs and more information on these security measures, visit OIT’s mobile application management web page.
In a significant milestone for campus operations, the Office of Information Technology (OIT) at The University of Alabama successfully conducted its most ambitious Disaster Recovery (DR) exercise on May 17. This test, a live DR scenario, was designed to ensure that critical campus operations could continue uninterrupted in the event of a data center failure.
This exercise aimed to perform a physical failover from the primary data center (DC-1) to the secondary data center (DC-2). The team shut down a substantial subset of servers and applications in DC-1, forcing DC-2 to function as the primary data center. The test included crucial services such as networking, campus-wide internet connectivity, VoIP, and the development and testing environments for Banner, the university’s primary administrative system. After running services from DC-2, the team executed a failback to DC-1, ensuring a smooth transition between the two centers.
This 15-month-in-the-making exercise required the involvement of every area within OIT and multiple campus partners, including on-campus resources and virtual participants. Originally planned for the entire weekend to address potential issues, the team completed the exercise in under six hours. All steps of the process were meticulously documented to be used for future DR exercises and cross-training.
This test demonstrates the resilience of the university’s IT infrastructure by simulating the failure of critical systems and validating the university’s ability to recover. This successful exercise strengthens the readiness of campus operations, ensuring that, in the face of unexpected disruptions, the university can continue to provide essential services with minimal downtime.
We want to bring to your attention a concerning trend that has been on the rise recently: smishing scams impersonating UA leadership. “Smishing” is a term used to describe phishing scams that occur via SMS or text messages.
These fraudulent messages may appear to be from President Bell or another university official, and they often aim to deceive recipients into providing personal information, financial details, or access to sensitive university systems.
We want to emphasize that these messages are not legitimate communications from President Bell or any university representative. They are malicious attempts to exploit our community members.
While we urge everyone to remain vigilant, we do not require individuals to report these smishing attempts unless they have already provided sensitive information or access to their devices. However, it is crucial to spread awareness and caution among our community members to prevent falling victim to these scams.
If you receive a suspicious message claiming to be from President Stuart Bell or any other university authority figure, please refrain from clicking on any links or providing any personal information. Instead, you can report these messages to your mobile carrier for further investigation.
A current list is available here: AI Approved List – oit.ua.edu | The University of Alabama
When using AI tools, be sure to adhere to OIT’s AI Minimum Security Standard.
The current Eduroam certificate expires on Thursday, May 2, and must be replaced. Historically, most devices deal with the certificate replacement fairly smoothly, but some devices will prompt the user to accept/trust the new certificate. If your computer prompts you to accept a new Eduroam certificate on Thursday regarding Eduroam, please accept/trust the new certification to continue an uninterrupted Wi-Fi experience.
The Office of Information Technology (OIT) is performing a disaster recovery exercise from Saturday, May 18, at 7:00 a.m. to Sunday, May 19, at 7:00 p.m. The exercise will involve shutting down the Gordon Palmer data center network and restoring services at the Ridgecrest data center. We do not anticipate this exercise affecting email, Office 365 or Blackboard Learn, but all applications housed in the Gordon Palmer data center will be unavailable.
During this exercise, OIT will isolate the Gordon Palmer data center from the UA network, simulating a disaster that has rendered the data center inoperable. The primary goal of this exercise is to validate network connectivity, identity services, internet connectivity, and other prerequisites for the continuity of IT operations. Additionally, OIT will conduct a Banner recovery exercise, validating that we can successfully restore operations to a “business as usual” state once a disaster has been remediated.
If you have any questions or concerns, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.
