Author Archives: mrichichi

Posts: 49 (archived below)
Comments: 5

How to Add Multifactor Methods to your Microsoft 365 account

On December 13th BCTC and CUNY CIS will make MFA mandatory for all faculty and staff.  If MFA is enforced and you don’t have multifactor methods enabled in advance you will have to do it before moving ahead with your sign-in.  Doing it in advance will help you log in when MFA is enforced for your account.

CUNY has a website that discusses MFA for M365, which includes an FAQ.

Please follow the instructions below to set up MFA.  You will be prompted to do this at login within the next few days, but you can set it up in advance of the prompt.

Log into Office 365 from the Quick Links drop-down using your CUNY login credentials, or go to “https://office.com” from your browser, and log in with your CUNY Login credentials to Micrsoft 365.

Select the QuickLInks menu on Baruch Websites, and go to Office 365.

In the upper right corner, click on your name.

Click on your name on the top right of the page.

 

A drop-down will appear—select View Account.

The "View Account" option is highlighted.

 

On the My Account page, look for the section called Security Info.  Select Update Info.

 

Click "Update Info" in the box titled "Security Info"

 

On the Security Info page, select +Add Sign in Method.

click on "Add sign-in method"

 

The add method screen will appear and prompt you to choose a method.  The prompts for each method will be straightforward. We recommend using the Authenticator App as your primary method.

Select at least one method. "Authenticator app" is highlighted here.

After you have added a few methods, you will want to ensure that the “Default sign-in method” listed is the one you prefer.  You will still be offered all methods when entering your sign-in verification.

When you are done, close the window to exit.

The BCTC help desk can assist, if you have any questions.

Posted in Uncategorized | Comments Off on How to Add Multifactor Methods to your Microsoft 365 account

Updates to CUNY Zoom Security

Please see the following message from CIS:

As previously communicated, we have implemented Zoom security settings on December 27th that enforced meeting passcodes and waiting rooms for all Zoom meetings. This email provides additional information regarding Zoom meeting passcodes and waiting rooms.
Passcodes
Any meetings that were scheduled prior to December 27th that did not require a passcode have been updated to require a passcode.
For these meetings, meeting organizers should send an invitation update that includes the passcode to ensure that attendees can access the meeting.
Regarding Waiting Rooms
The CUNY-wide Zoom waiting room setting means that meeting attendees either:
  • Wait in the waiting room until admitted by the person in charge of the meeting or a meeting co-host.
OR
  • Bypass the waiting room and be directly admitted to the meeting if they logged into the meeting using their CUNY Zoom account.
Zoom users can change their meeting security settings at https://cuny.zoom.us to require all attendees to be held in the waiting room OR allow some attendees to bypass the waiting room and immediately access the meeting.
For information on changing Zoom waiting room options, users can visit How do I change my Zoom meeting’s waiting room options? in CUNY IT Help or register to attend a Zoom Security Training Webinar on January 18, 23 or 24.
After CUNY made the security changes previously announced for December 27th it was determined that the changes reduced flexibility in a way that was unacceptable.  Not being able to change the waiting room behavior was not sufficient in the case of wanting to ensure that participants stayed in the waiting room before the meeting started.  CUNY thus reenabled the option to change the waiting room behavior for users.
This is a good time to continue to remind users that Zoom security is of paramount importance–CUNY is still besieged by Zoombombing incidents that are disruptive and disturbing to the community.  Ensuring that meetings are secured to the maximum extent possible greatly reduces the possibility of disruption and may allow us to determine the responsible parties and refer for appropriate disciplinary action.
We also strongly recommend attending one of the Zoom Security Training Webinars referred to above.
Posted in Uncategorized | Comments Off on Updates to CUNY Zoom Security

Security Changes to Zoom (update)

At 6pm on December 27th CUNY CIS will enforce the following Zoom security settings to ensure meeting security:

  • A passcode will be required when setting up all Zoom meetings (scheduled, instant and personal) and webinars 
  • All Zoom meeting and webinar attendees will be required to enter the passcode to access the meeting
  • The use of the Zoom waiting room to validate attendees will be enforced  

These changes will be for all CUNY users and can not be overridden individually or by campus.

Please note that CUNY has set the waiting room options to have anyone in the CUNY Zoom instance to bypass the waiting room by default, and this option also can’t be overridden:

Screenshot of Waiting Room security options showing the the waiting room is bypassed for authenticated users on the same account.

We do anticipate this may necessitate a change in open meetings for support; the potential solution is to require registration and publicly post the registration link instead of the open meeting link.  This will also allow offices holding Zoom office hours to get emails of their customers for followup.

This change is a full enforcement of the current CUNY policy on securing Zoom meetings and is a response to continued meeting disruptions (“zoombombing”) across CUNY.

  • You can learn more about these changes, as well as best practices when setting up and running Zoom meetings, by attending one of the following training sessions:  Wednesday, December 28, 2-3pm Wednesday, January 11, 2-3pm Tuesday, January 24, 11am-12pm  To register for one of these training sessions, please visit https://us02web.zoom.us/meeting/register/tZcrfuqorT4vE9G5hGqvUyJM3bbXQMohEm8E  If you are unable to attend the training, you can either review: 
  • A training recording to be available with other Zoom training recordings in the CIS Training Zoom channel in Microsoft 365 Stream.
  • The Zoom Security Protocol document on the CUNY website and in CUNY IT Help [KB0011713] outlines required and recommended Zoom settings, as well as best practices, to ensure safe and secure Zoom meetings and webinars.
Posted in Uncategorized | Comments Off on Security Changes to Zoom (update)

eduroam now available at Baruch

The “eduroam” wireless network is now available at Baruch!  Thank you to the networking team at Baruch and CUNY CIS for getting this done.

What this means is that any user from another eduroam organization can log into the Wi-Fi at Baruch by using the “eduroam” SSID and the login credentials from their home institution.  Baruch users can also use their CUNY Login username and password to connect to eduroam both on campus and at any other eduroam institution.  Users from other CUNY schools who come to Baruch can also use eduroam and their CUNY Login to access wireless while on campus.

While you will now see the eduroam SSID everywhere on campus, you should continue to use the Baruch SSID for your normal network access if you’re a Baruch student, faculty or staff member, since it will provide access to additional on-campus resources that eduroam will not.

Connecting to eduroam

In most cases, you will just need to find the “eduroam” wireless network, and when it asks for a username and password provide your CUNY Login username (firstname.lastnamexx@login.cuny.edu) and password.  If you need to configure settings, the following ones will work:

Security:  WPA2 Enterprise
EAP method: PEAP
CA Certificate:  don’t validate
Phase 2 Authentication: GTC

Attached is a screenshot from a Samsung phone showing the setup with the above options (in most cases you shouldn’t need to enter anything but the “CA Certificate” option)

Android phone connecting to eduroam SSID, with Security set to WPA/WPA2 Enterprise, CA certificate set to "don't validate" and Phase 2 authentication set to "GTC"

This is what it looks like on an iPhone:

Connectign to "eduroam" Username is CUNY Login, password is CUNY Login password.

 

Windows and macOS are similar as well.  Once you configure eduroam at Baruch it will work anyplace eduroam is available.

For additional information about eduroam you can go to https://eduroam.org/ .

We look forward to being able to provide this service to the Baruch community as well as both CUNY and external visitors to Baruch.

 

Posted in Uncategorized | Comments Off on eduroam now available at Baruch

WiFi Troubleshooting

New and returning students frequently have challenges connecting to WiFi at the start of the semester. BCTC identified a timing issue that was affecting the ability of students to connect with their Baruch username and password; we have adjusted the parameters on the WiFi network and we believe we have improved that situation.

If you do not know your Baruch username and password, you can reset it at https://mypassword.baruch.cuny.edu/ if you have previously set your password recovery items there; you can also contact the BCTC Helpdesk who can assist in resetting the password.

It is impossible for BCTC to test for connectivity for every device and every combination of operating system, network drivers, etc. If you know you have the correct password and still are not connecting reliably you should make sure you’re running the most recent version of whatever operating system you have, and if there are separate network drivers available for your device you can upbrade those as well. BCTC can assist if necessary as well.

Posted in Uncategorized | Comments Off on WiFi Troubleshooting

M365 Basic Authentication Disabled for all CUNY accounts

Effective August 1st, 2022, CUNY CIS has disabled M365 Basic Authentication for all CUNY accounts.

What this means is that older clients and methods of access to the CUNY M365 environment (this includes faculty/staff email through the “CUNY tenant” and all student access to M365 including baruchmail.cuny.edu) no longer work. This change is necessary both to improve security of the M365 environment and allow for the enforcement of multifactor authentication (which was previously enabled for student accounts and will be enabled for faculty and staff accounts shortly.)

Among other things this affects it affects people who are using the Gmail POP3 importer. Gmail has not updated this interface to use modern authentication, and if they do not before October 1st 2022 when Microsoft will completely disable basic authentication for all Microsoft accounts it will stop working for everyone. Users who are affected can read their CUNY email via the web client, the native M365 support in iOS and Android (both of which support modern authentication), the Outlook client (for Mac, Windows, iOS or Android), or any other application that supports modern authentication (also known as OAuth) for POP or IMAP. POP and IMAP access is still enabled when modern authentication is used.

This change is necessary because of the high number of compromised accounts we have seen. If you have received messages from a CUNY address that are scams (these are often employment scams) you know the impact of having accounts that are easily compromised. Enabling modern authentication both reduces the likelihood of this occurring and allows us to fully enforce multifactor authentication which further reduces the chance of account compromise.

Please note that basic authentication was already disabled for faculty and staff M365 accounts in June.

Posted in Uncategorized | Comments Off on M365 Basic Authentication Disabled for all CUNY accounts

Configuring macOS Mail for Baruch M365 Email

  1. Open the “Mail” app:
    macOS Mail app
  2. If this is the first account you’re entering, you’ll be prompted to add the account, otherwise you’ll need to manually add a new account. Select “Microsoft Exchange”:

  3. Enter your name and your CUNY Login ID in the box and click “Sign In”:
  4. At the next screen, click “Sign In” again:

  5. You will be presented with the CUNY Web Applications Login, log in with your CUNY Login ID and password:



  6. Click the apps you want synced to your “Mac” and then click “Done”:


  7. The last step is to ensure that your Baruch email address is used for outgoing messages. In Mail, go to the “Mail” menu and select “Preferences”:


  8. In the Preferences window, you’ll see the new account you added. Click on the email address and select “Edit Email Addresses”:





  9. In the list of email addresses, simply click on the @login.cuny.edu address and change it to your @baruch.cuny.edu email address (note: you will not be able to use an email address for which you are not authorized):



  10. Once that is completed you should be able to use the Mail app to send and receive email from your Mac.
Posted in Uncategorized | Comments Off on Configuring macOS Mail for Baruch M365 Email

Configuring the Android Mail app for access to your Baruch M365 Email account

Most Android devices have a “Mail” or “Email” application that can be used to read your Microsoft 365 email. These screenshots were taken on a Galaxy S21 Ultra but the instructions should be similar on any Android device running a current version of Android.

  1. Open the “Email” app on your device.
  2. You should get an option to “Set up Email”. Pick the “Office 365” option:
    Set Up Email, select "Office 365"

At the “Sign In” screen, enter your CUNY Login ID (firstname.lastnameXX@login.cuny.edu):
Sign in with your CUNY Login

You will be taken to the CUNY Web Applications Login page, where you will login with your CUNY Login ID and password:
CUNY Web Applications Login

Once you log in you may get a permissions dialog from Microsoft asking you to authorize the Email app to have access to your Microsoft 365 account. Click “Accept”:
Microsoft permissions dialog, click "accept"

The Android Email app will then ask you to authorize M365 to be able to configure your device. You should click “activate” here:

You’ll then get a screen asking how much mail you want downloaded to the device, and whether or not calendars, contacts, and tasks should sync to your device. Selectd your desired settings and click “Done”:

Your email app is now configured for use with your Baruch M365 account.

Posted in Uncategorized | Comments Off on Configuring the Android Mail app for access to your Baruch M365 Email account

Configuring Outlook for Windows for your Baruch M365 Email Account

As of May 3rd, 2022 all faculty and staff users are using Microsoft 365 for their Baruch email address (@baruch.cuny.edu).

To configure Outlook to use M365, first download and install Office from http://www.office.com after logging in with your CUNY Login. Then start Outlook on your computer. You will get a screen where you should enter your baruch.cuny.edu email address:

Outlook screen where you should enter your baruch.cuny.edu address

When you enter your email address you may be prompted with a CUNY Web Applications Login dialog; if so, enter your CUNY Login ID and password:

Once complete you will get a dialog showing your the email address. Select “Done”:

You can then restart Outlook normally, and your email should appear within Outlook.

Posted in Uncategorized | Comments Off on Configuring Outlook for Windows for your Baruch M365 Email Account

Deploying Email Fixes

BCTC has developed and tested the strategy for resolving the remaining email and calendar transition issues and will be deploying it to administrative offices over the coming days.

The steps include building a new Outlook profile that only talks to Microsoft 365 and making the baruch.cuny.edu address primary there. We are also simplifying access to shared mailboxes.

We are working to deploy this solution as quickly as possible to all administrative offices; we will be coordinating with divisional vice presidents to schedule on a per-office basis (as defined by the VPs and relevant managers). We need all staff in an office to be available in person or remotely accessing their office computer when the transition is made. Even though most of the changes will be deployed automatically, we will be available via Zoom during an office’s cutover to ensure that users can log in and access email, as well as configure access to any shared mailboxes.

If you have not been able to migrate your email to the new system, you will be instructed to access it through webmail at https://mymail.baruch.cuny.edu/ for the time being. We are nearing the ability to complete migrating maliboxes in an automated fashion in the background, a process that may take several weeks but will happen with no additional user intervention.

Posted in Uncategorized | 1 Comment