Educause Security Discussion mailing list archives
Re: MFA/2FA Implementation Questions
From: Jamie Schademan <Jamie.Schademan () CWU EDU>
Date: Tue, 4 Feb 2020 17:24:24 +0000
Hello,

We too are implementing the Microsoft MFA and so far have only done so for our IT staff accessing O365. So not very far. We use Shibboleth for SSO into our main portal of applications. We also use Radius to authenticate remote users. Is there anyone else with this type of setup that can provide some insight?

Thanks in advance,
Jamie

Jamie Schademan, CISM
Chief Information Security Officer
Information Security Services
Jamie.Schademan () cwu edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Bandy, John
Sent: Tuesday, February 4, 2020 9:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] MFA/2FA Implementation Questions

I responded via REN-ISAC. Let me know if you would like to have a more in-depth conversation.
John Bandy
Chief Information Security Officer
Technology Services
205-726-2692 | office
205-726-2692 | fax
JBandy () Samford Edu
Twitter: http://twitter.com/SamfordInfoSec
800 Lakeshore Drive
Birmingham, AL 35229

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Tuesday, February 4, 2020 9:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL][SECURITY] MFA/2FA Implementation Questions

Hi All,

Our MFA project has hit a few snags and our senior leadership is asking us to gather more information from other schools to identify any potential issues. Rather than Duo, the university opted for Microsoft and although mostly smooth so far, we still have some nagging problems that keep coming up.

One that has come up as of late is modern auth support for Android email. Seems like 3 months ago, the answer for anyone with an Android was to install the Outlook client. What we have been finding is that Samsung phones, for example, S7 or later that have a minimum email client version of 6.1.01.0 work with modern auth. Given the rabbit hole that Androids can make.
We are now being asked to test as many makes, models and versions of Android phone as we can get our hands on. If anyone has done this research, we would appreciate any insight.

I've asked this on a previous post but got no responses but thought I'd ask again regarding exception groups. Our current stance is to except Board members, Council of Regents and alumni. We would be interested in seeing what other schools are doing.

Lastly, if you would be kind enough to share any pitfalls, constraints and roadblocks as well as implementation recommendations, we would greatly appreciate it.

Thanks in advance.

James Pardonek, MS, CISSP, CEH, GSNA
Associate Director
Chief Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL 60660
(773) 508-6086

Loyola University Chicago will never ask you for your username or password.

For the latest information security news at Loyola, please follow us online:
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog: http://blogs.luc.edu/uiso/

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- MFA/2FA Implementation Questions Pardonek, Jim (Feb 04)
- Re: MFA/2FA Implementation Questions Barton, Robert W. (Feb 04)
- Re: MFA/2FA Implementation Questions Blake M Bourgeois (Feb 04)
- Re: MFA/2FA Implementation Questions Bandy, John (Feb 04)
- Re: MFA/2FA Implementation Questions Jamie Schademan (Feb 04)
- Re: MFA/2FA Implementation Questions Greg Williams (Feb 04)