Controlled Data Center Shutdowns December 22

OIT will briefly shut down both on-campus data centers on Friday, December 22 at 7:30 a.m. until 9:30 a.m. for maintenance. Along with intermittent internet outages, the following services will be unavailable during the maintenance period: all on-premise servers, such as Banner, Action Card, myBama, etc. If you have any questions or concerns, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Notice: Important Information Regarding MacOS Sonoma

The Office of Information Technology (OIT) would like to inform all Mac users within our university community about an important matter concerning the latest operating system, MacOS Sonoma.

We strongly advise against upgrading to Mac OS Sonoma at this time. Preliminary testing has revealed that this update may remove certain Adobe products, and there could be potential impacts on other essential items. To ensure a seamless transition and to address any compatibility issues, we kindly request that you refrain from downloading and installing Mac OS Sonoma until OIT has concluded its thorough testing process.

For updates and further information, please monitor the OIT website. If you have any immediate concerns or questions, feel free to reach out to the OIT Help Desk.

Thank you for your cooperation.

OIT Partners with Keeper Security for Student Account Needs

To enhance the digital security of its student community, the Office of Information Technology is partnering with Keeper Security, an industry leader in password management and data protection. As part of this collaboration, OIT will be offering Keeper’s Unlimited plan for free to all students. This initiative reaffirms OIT’s commitment to safeguarding the online identities and sensitive information of its students while equipping them with essential tools for navigating the digital landscape securely.

About Keeper Unlimited

Keeper Unlimited is a state-of-the-art password management solution designed to empower individuals with robust security in the digital age. With Keeper Unlimited, students at The University of Alabama can safely store, manage, and generate complex passwords for their various online accounts and services. This software is secured with advanced encryption and a zero-knowledge security architecture, ensuring that each student’s data remains fully confidential and only accessible to them. Moreover, Keeper Unlimited boasts user-friendly features like biometric login, secure note storage, two-factor authentication, and secure sharing, making it a comprehensive solution for students to protect their online presence.

The Office of Information Technology is excited to extend this resource to its student body. For instructions on how to activate your Keeper Unlimited account, please visit the Keeper software page on our website.

Opportunity: Azure Fundamentals Class

The local Microsoft Account Team will be providing an AZ-900 (Azure Fundamentals) class at the University of Alabama on November 9th from 9:00am – 4:00 pm. The cost of the training is FREE. Room for this event will be limited to 40 participants. The agenda and Registration link are below. Additional general details will be forthcoming to registered attendees.  Please let me know if you have any questions.

Azure AZ-900 Class  

Azure Fundamentals introduces cloud services, and how these services are provided by Microsoft Azure. Take this course as a first step towards learning about cloud computing and Azure, before taking further courses. 

This course covers:

  • General cloud computing concepts, models, and services such as: 
  • PublicPrivate, and Hybrid clouds
  • InfrastructurePlatform, and Software as a Service
  • Core Azure products, services and tools for security, privacy, compliance, and trust
  • Azure pricing and support options

Registration Link for University of Alabama AZ-900 course on November 9th

Azure AZ-900 Microsoft Azure Fundamentals     

Candidates for this exam have skills and experience working with an area of information technology (IT), such as infrastructure management, database management, or software development.

·        Describe cloud concepts (25–30%)

·        Describe Azure architecture and services (35–40%)

·        Describe Azure management and governance (30–35%)

Describe cloud concepts (25–30%)

Describe cloud computing

·        Define cloud computing

·        Describe the shared responsibility model

·        Define cloud models, including public, private, and hybrid

·        Identify appropriate use cases for each cloud model

·        Describe the consumption-based model

·        Compare cloud pricing models

·        Describe serverless

Describe the benefits of using cloud services

·        Describe the benefits of high availability and scalability in the cloud

·        Describe the benefits of reliability and predictability in the cloud

·        Describe the benefits of security and governance in the cloud

·        Describe the benefits of manageability in the cloud

Describe cloud service types

·        Describe infrastructure as a service (IaaS)

·        Describe platform as a service (PaaS)

·        Describe software as a service (SaaS)

·        Identify appropriate use cases for each cloud service (IaaS, PaaS, and SaaS)

Describe Azure architecture and services (35–40%)

Describe the core architectural components of Azure

·        Describe Azure regions, region pairs, and sovereign regions

·        Describe availability zones

·        Describe Azure datacenters

·        Describe Azure resources and resource groups

·        Describe subscriptions

·        Describe management groups

·        Describe the hierarchy of resource groups, subscriptions, and management groups

Describe Azure compute and networking services

·        Compare compute types, including containers, virtual machines, and functions

·        Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop

·        Describe the resources required for virtual machines

·        Describe application hosting options, including web apps, containers, and virtual machines

·        Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute

·        Define public and private endpoints

Describe Azure storage services

·        Compare Azure Storage services

·        Describe storage tiers

·        Describe redundancy options

·        Describe storage account options and storage types

·        Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync

·        Describe migration options, including Azure Migrate and Azure Data Box

Describe Azure identity, access, and security

·        Describe directory services in Azure, including Azure Active Directory (Azure AD), part of Microsoft Entra and Azure Active Directory Domain Services (Azure AD DS)

·        Describe authentication methods in Azure, including single sign-on (SSO), multi-factor authentication (MFA), and passwordless

·        Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C)

·        Describe Conditional Access in Azure AD

·        Describe Azure role-based access control (RBAC)

·        Describe the concept of Zero Trust

·        Describe the purpose of the defense-in-depth model

·        Describe the purpose of Microsoft Defender for Cloud

Describe Azure management and governance (30–35%)

Describe cost management in Azure

·        Describe factors that can affect costs in Azure

·        Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator

·        Describe cost management capabilities in Azure

·        Describe the purpose of tags

Describe features and tools in Azure for governance and compliance

·        Describe the purpose of Microsoft Purview in Azure

·        Describe the purpose of Azure Policy

·        Describe the purpose of resource locks

Describe features and tools for managing and deploying Azure resources

·        Describe the Azure portal

·        Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell

·        Describe the purpose of Azure Arc

·        Describe infrastructure as code (IaC)

·        Describe Azure Resource Manager (ARM) and ARM templates

Describe monitoring tools in Azure

·        Describe the purpose of Azure Advisor

·        Describe Azure Service Health

·        Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights

Registration Link for University of Alabama AZ-900 course on November 9th.

Banner and Related Apps Unavailable October 27-28

OIT will perform updates to platforms Banner and related applications run on starting Friday, October 27, 7:00 a.m. and will remain unavailable until Saturday, October 28, 10 p.m. The following services will be unavailable during the update period: 

  • Banner Student Self-Service, including course registration (ability to register for new courses or drop courses); viewing student records such as transcripts, grades, and financial aid; updating personal contact information
  • Banner Employee Self-Service, including monthly leave reporting and viewing leave balances
  • MyBama, DegreeWorks

If you have any questions or concerns, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Known Issue: “New Teams” with teams voice dialing

Please be advised that there is a known issue with Teams Dialing phone integration with the “New Teams” version where calls to external numbers connect but have no audio. Individuals who are part of the Teams voice dialing (using Teams as a softphone client for their 348 phone number) should use the classic version of Teams and not enable the “New Teams” at this time. A ticket is open with Microsoft on this issue.

Cisco Umbrella Roaming Client

The Cisco Umbrella Roaming Client was unintentionally deployed to UA-managed devices Oct. 5. The plan was for the application to be deployed to the Office of Information Technology (OIT) exclusively before a full campus roll-out during the Spring semester. It was not OIT’s intention to install the client without warning.

Cisco Umbrella is a cloud-based security tool used to help block malicious traffic on your computer. The application can block websites based on categories, but individual sites can also be added to a block list. OIT only retains data necessary for troubleshooting purposes.

All OIT-managed devices have the “default policy” activated. In this default policy, known malicious websites are the only blocked sites. This software will help prevent malware, viruses, phishing attacks, and other known bad websites from being accessed.

If you have any questions, concerns, or encounter any issues, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Duo Verified Push

OIT is deploying a risk-based verified push feature in Duo that will help cut down on compromised accounts and improve cybersecurity all across campus.

What is a DUO Verified Push? Examples Below

Verified Push is a more secure version of Duo Push that requires users to enter a numeric code from the authentication prompt on their mobile device. When Duo detects an anomaly in your login pattern, it will display a code on the screen the person is using to log in. You will simultaneously get a request to answer the code in your Duo app. The code will be a mandatory step to log in the first time you use the device, but will happen less frequently the more you use the device.

Duo’s Risk-Based Authentication automatically detects and mitigates commonly known attack patterns and high-risk anomalies. Risk-Based Authentication consists of two key capabilities: Risk-Based Factor Selection and Risk-Based Remembered Devices.

How is risk assessed by DUO?

  • User marked fraud: A user has indicated they weren’t responsible for a login by marking it as suspicious in the Duo Mobile app.
  • Push harassment: A pattern of failed authentications is consistent with an adversary performing a targeted push harassment attack against a single user.
  • Push spray: A pattern of failed authentications is consistent with an adversary performing a non-targeted push attack against multiple users.
  • Unrealistic travel: A user attempts to authenticate from a new location that would be impossible to reach based on the past authentication time and location.
  • Country code mismatch: The authentication device and access device appear to be in two different countries.
  • Novel ASN: A user attempts to authenticate from an autonomous system number (ASN) not seen in the organization’s recent history of successful authentication.

What is the point?

Verified Duo Push automatically adds a separate layer of security on top of the push by asking the user to complete an action that requires them to interact with both the access and the authentication devices.

Limitations

  • Apple Watch experience is degraded. The full QWERTY keyboard makes entering the code a challenge. You are able to illustrate or narrate your code as an alternative.
  • In iOS, the numeric keyboard is only launched in the Duo app. If you attempt to approve directly from notification, you will have QWERTY. The approval still works, just less smoothly.
  • Verified Push only works when combined with the Duo mobile app. Phone call and SMS authentication are unsupported. Hardware token usage is unchanged as well. If a phone call is the only way to authenticate due to accessibility reasons, we can add the user to an exception group.

Want to learn more?

You can find out more about Verified Push on Duo’s website: CLICK HERE