Re: [External] [SECURITY] Done in 60 seconds - who doesn't love a short survey

["Gregg, Christopher S." <csgregg () STTHOMAS EDU>]

Hi Chad,

I responded to your survey, but I should add some context to my responses.

We use Microsoft MFA and not Duo.

We exempt our campus networks from MFA for Office365.  For higher risk systems like our ERP we do not exempt our campus 
networks.

Our plan is to move to Conditional Access soon which will give us the ability to more granularly set which factors are 
required and in which situations.

Thanks,

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Information Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Chad Tracy
Sent: Monday, May 20, 2019 12:39 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Done in 60 seconds - who doesn't love a short survey

Afternoon everyone,

There was a lot of talk during the Educause Security Professionals Conference about two factor and whether or not 
institutions exempt certain networks (classrooms or common area) on campus from requiring two factor authentication. I 
would love to take a look behind the curtain and see what everyone is doing. I will share results with those who would 
like to see.

https://forms.gle/vV8dcxH9UCirE3eTA<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforms.gle%2FvV8dcxH9UCirE3eTA&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7C21eb6354d9374e0c2d1208d6dd543fee%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C1%7C636939751290464814&sdata=Mt4UFJklqMBnRdidXV04C1dh8KT%2B2O%2BN8ywpcn1rEJw%3D&reserved=0>

Cheers,

Chad
--
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491