Criminals use stolen credentials to attack accounts and cause harm to organizations and individuals, but there are multiple, complimentary strategies that offer protection. Technology filters block many of these scams from inboxes. ITS provides educational material and other resources that help our community avoid phishing scams. We also intervene quickly when we are aware that an account has been compromised. Additionally, Microsoft 365 has a feature that can identify “high risk” behavior and immediately impose stronger authentication mechanisms as needed.
Microsoft 365 can classify or categorize a connection based on a number of qualities that collectively suggest that an account might be compromised. These “high risk” behaviors include, but are not limited to, signing in from a previously unknown location, atypical travel between locations, logging in from known risky IP addresses, and password attempts against multiple accounts from the same device. In response, Microsoft 365 will send a challenge through our Duo two-factor authentication (2FA) service. Legitimate login requests can simply be accepted at the Duo prompt, and access will be granted. This provides additional protection, but account holders must be vigilant as the Duo prompt follows a successful password attempt. If anyone receives a 2FA prompt for an authentication that they did not initiate, they should deny access and immediately change their password.
We are currently piloting this Microsoft 365 feature on ITS accounts and are tentatively planning to enable it for faculty, staff, and other employees starting on August 1, 2022. We expect that the high-risk challenges will occur infrequently, and the impact will be minimal, but we will observe the results carefully and course correct as needed. ITS will communicate broadly before implementation. We also ask that you share this information with your constituents.