Upgrade Windows 10 – 22H2

Beginning in May 2023, faculty and staff with Windows computers will begin receiving announcements on their computers to upgrade Windows 10 to the newest supported version, 22H2.

Faculty and staff have the option to upgrade when they receive the announcement or schedule the upgrade for another time. OIT recommends that faculty and staff perform the update at the end of the workday, as the upgrade will require 90 minutes of downtime.

This upgrade will not delete any applications or data, but as always, OIT recommends backing up before performing any OS upgrade.

Please perform this upgrade at a time convenient to you. OIT suggests starting the upgrade, or scheduling for it to occur, just before you leave for the end of the day. OIT also recommends performing the upgrade while on campus, connected to power and connected to the UA network. Below is an example of the announcement faculty and staff can expect to see.

Machines that are not upgraded by Sept. 11 will automatically receive the update from OIT. OIT recommends faculty and staff schedule the upgrade to occur this summer for it to be performed at a time of their choosing.

upgrade windows announcement

Some users may be unable to view or access web apps in Microsoft 365

Update: The situation is improving with the Microsoft 365 outage. Access has returned to most users, but we have not received an official report from Microsoft. I will send a final update once the outage is resolved. 

Original: Microsoft has identified an issue with users accessing and viewing web apps in Microsoft 365 at 6:30 PM on April 19. Microsoft has identified the initial cause and is working to repair the issue. At this time, individuals may be unable to access web apps for Microsoft 365, such as Excel Online, Word Online, Sharepoint Online, Planner, Outlook Online or other web-based versions of Microsoft Office applications. Locally installed applications, such as the desktop versions of Office, are working properly at this time. We are monitoring the situation.

Microsoft to enable number match authentication for all UA alumni and retiree UA email accounts

Beginning February 27, 2023, Microsoft will enable number match authentication for all UA alumni and retirees who are currently using Microsoft Authenticator to access their UA email accounts.

With number matching enabled, the Microsoft Authenticator app will prompt users with a number. Users will need to type that number into the app to complete the authentication process when attempting to sign into their UA Outlook account.

The feature helps to prevent accidental approvals and provides protection against multi-factor authentication attacks.

Number matching isn’t supported for Apple Watch notifications. Apple Watch users need to use their phone to approve notifications when number matching is enabled.

FAQS

Who will be required to use number matching in Microsoft Authenticator push notifications?

UA alumni and retirees who are currently using Microsoft Authenticator to access their UA email accounts.

Can I opt out of number matching?

No, starting February 27, 2023 users can’t opt out of number matching in Microsoft Authenticator push notifications.

Does number matching only apply if Microsoft Authenticator is set as the default authentication method?

Regardless of their default method, any user who is prompted to sign-in with Authenticator will see number match after February 27, 2023.

What happens if a user runs an older version of Microsoft Authenticator?

If a user is running an older version of Microsoft Authenticator that doesn’t support number matching, authentication won’t work if number matching is enabled. Users need to upgrade to the latest version of Microsoft Authenticator to use it for sign-in.

LastPass Breach – Password change required

Many faculty, staff, and students utilize LastPass as a password management tool to store passwords in an encrypted environment.  On December 22, LastPass informed its customers of a potential cyber security incident that could compromise the passwords stored in their accounts. LastPass discovered that in November 2022, a copy of the customer password vaults had been stolen. This attack affected a significant portion of the large LastPass customer base, including users at The University of Alabama.

Your LastPass password vault is encrypted with a master password that only you know. Cybercriminals who obtained copies of customer vaults in November 2022 and may be trying to crack these master passwords to access the passwords stored within.

We recommend that you follow these steps, including changing your master password immediately. On January 4, 2023, at 2:00pm, OIT Security will configure LastPass to require all users to change their master passwords if they have not since December 21, 2022.

1) Change your LastPass master password to include at least 14 characters. This should be different from your myBama password. Consider using a pass phrase or at least five randomly selected words. Passwords must include 3 of the 4 character types (uppercase, lowercase, number, symbol).
2) Start changing the passwords for your stored accounts and prioritize your myBama account, email accounts, financial accounts, and other accounts that could cause significant harm to you or the University if stolen.
3) If you store API keys or other similar application credentials, change those as well.
4) If you store credit card numbers in LastPass, we suggest requesting a new card from your financial institution.
5) Continue changing all of your stored passwords.
6) Enable two-factor authentication on all services if possible. If you receive any two-factor prompts that you did not initiate, do not respond to them and contact security@ua.edu.
7) Check your financial accounts regularly for any fraudulent transactions.
8) Be on the lookout for phishing emails trying to steal your LastPass password or personal information!

For personal LastPass accounts, follow a similar course of action.

Additional resources:
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
https://www.govinfosecurity.com/lastpass-breach-attacker-stole-encrypted-password-vaults-a-20790
https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/

FAQS:
“Won’t DUO two-factor protect my account?”
Not against this type of attack. Your master password is the only factor protecting your stolen vault contents.

“If I change my master password why do I need to change my account passwords?”
The cybercriminals have obtained a copy of your LastPass vault from November 2022, which means that offline copy will not be protected by any future changes you make to your master password. Therefore, changing the stored passwords for each account is crucial to ensure their security.

Even if you change the stored passwords, it is still important to change your master password. If you do not, cybercriminals may try to access your active vault using your master password, giving them access to any newly changed passwords for your individual accounts.

“Will UA continue to use LastPass?”
At this time, UA will continue to use LastPass. OIT Security is evaluating other vendors.

OIT to Implement Additional Email Security in January 2023

Beginning in January 2023, OIT will implement new email security features to help students, faculty and staff better recognize phishing emails. These new security measures utilize mailbox intelligence and recognize email user patterns.

Outlook will provide safety tips for inbound mail that comes from new or unusual senders. Below is a screenshot example.

"You don't often get mail from this address."

The mailbox intelligence will also better recognize impersonation attempts. UA students, faculty and staff often receive impersonation phishing emails where messages are sent from addresses similar to a known contact. If a message is marked as an impersonated user, it will be delivered to the recipient’s Junk folder and contain an alert.

Network Upgrades Saturday, Dec. 17

OIT will be performing necessary network upgrades Saturday, Dec. 17 from 8am – 11am. The wired and wireless campus network will experience intermittent outages during the maintenance window. Services will resume normal operations by 11am.

Banner Upgrade – Sunday, Dec. 18

OIT will be implementing a Banner bundle upgrade on Sunday, Dec. 18 from 4:00am – 10 am.  myBama and channels that connect to Banner will not be accessible, including self-service and administrative systems. For questions or concerns, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Banner Upgrade – Sunday, Dec. 4

OIT will be implementing a Banner bundle upgrade on Sunday, Dec. 4 from 5:30am – 10 am. myBama and channels that connect to Banner will not be accessible, including self-service and administrative systems. For questions or concerns, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Nov. 28 Service Outage Root Cause

On Monday, Nov. 28 at 1:45pm, a critical component supplying power to the Gordon Palmer data center failed.  All services within the data center abruptly shut down causing a widespread network and system outage. OIT implemented mitigation efforts to restore core services by 5:45pm. OIT reactivated equipment on Tuesday, Nov. 29 at 9am to provide backup power service in preparation for severe weather.

All core services are available, and our team continues to closely monitor data center activity. UA’s ongoing Gordon Palmer data center renovation, scheduled to be complete in February, includes redundant power equipment which should prevent this issue from occurring in the future.