Author Archives: mrichichi

MFA will soon be mandatory for all faculty, staff and students.  We intend to start enforcing MFA for faculty and staff starting on September 29th and gradually turning it on over the next two weeks.  If you have MFA enforced before you’ve added multifactor authentication methods to your account, you will have to add the methods before moving ahead with Microsoft 365.  Doing it in advance will help you log in when MFA is enforced for your account.

CUNY has a website that discusses MFA for M365, which includes an FAQ.

Please follow the instructions below to set up MFA.  You will be prompted to do this at login within the next few days, but you can set it up in advance of the prompt.

Log into Office 365 from the Quick Links drop-down using your CUNY login credentials, or go to “https://office.com” from your browser, and log in with your CUNY Login credentials to Micrsoft 365.

In the upper right corner, click on your name.

A drop-down will appear—select View Account.

On the My Account page, look for the section called Security Info.  Select Update Info.

On the Security Info page, select +Add Sign in Method.

The add method screen will appear and prompt you to choose a method.  The prompts for each method will be straightforward. We recommend using the Authenticator App as your primary method.

After you have added a few methods, you will want to ensure that the “Default sign-in method” listed is the one you prefer.  You will still be offered all methods when entering your sign-in verification.

When you are done, close the window to exit.

The BCTC help desk can assist, if you have any questions.

Please see the following message from CIS:

As previously communicated, we have implemented Zoom security settings on December 27th that enforced meeting passcodes and waiting rooms for all Zoom meetings. This email provides additional information regarding Zoom meeting passcodes and waiting rooms.

At 6pm on December 27th CUNY CIS will enforce the following Zoom security settings to ensure meeting security:

• A passcode will be required when setting up all Zoom meetings (scheduled, instant and personal) and webinars 
• All Zoom meeting and webinar attendees will be required to enter the passcode to access the meeting
• The use of the Zoom waiting room to validate attendees will be enforced  

These changes will be for all CUNY users and can not be overridden individually or by campus.

Please note that CUNY has set the waiting room options to have anyone in the CUNY Zoom instance to bypass the waiting room by default, and this option also can’t be overridden:

We do anticipate this may necessitate a change in open meetings for support; the potential solution is to require registration and publicly post the registration link instead of the open meeting link.  This will also allow offices holding Zoom office hours to get emails of their customers for followup.

This change is a full enforcement of the current CUNY policy on securing Zoom meetings and is a response to continued meeting disruptions (“zoombombing”) across CUNY.

• You can learn more about these changes, as well as best practices when setting up and running Zoom meetings, by attending one of the following training sessions:  
  
  Wednesday, December 28, 2-3pm 
  Wednesday, January 11, 2-3pm 
  Tuesday, January 24, 11am-12pm  
  
  To register for one of these training sessions, please visit https://us02web.zoom.us/meeting/register/tZcrfuqorT4vE9G5hGqvUyJM3bbXQMohEm8E  
  
  If you are unable to attend the training, you can either review: 

• A training recording to be available with other Zoom training recordings in the CIS Training Zoom channel in Microsoft 365 Stream.
  
• The Zoom Security Protocol document on the CUNY website and in CUNY IT Help [KB0011713] outlines required and recommended Zoom settings, as well as best practices, to ensure safe and secure Zoom meetings and webinars.

The “eduroam” wireless network is now available at Baruch!  Thank you to the networking team at Baruch and CUNY CIS for getting this done.

What this means is that any user from another eduroam organization can log into the Wi-Fi at Baruch by using the “eduroam” SSID and the login credentials from their home institution.  Baruch users can also use their CUNY Login username and password to connect to eduroam both on campus and at any other eduroam institution.  Users from other CUNY schools who come to Baruch can also use eduroam and their CUNY Login to access wireless while on campus.

While you will now see the eduroam SSID everywhere on campus, you should continue to use the Baruch SSID for your normal network access if you’re a Baruch student, faculty or staff member, since it will provide access to additional on-campus resources that eduroam will not.

Connecting to eduroam

In most cases, you will just need to find the “eduroam” wireless network, and when it asks for a username and password provide your CUNY Login username (firstname.lastnamexx@login.cuny.edu) and password.  If you need to configure settings, the following ones will work:

Security:  WPA2 Enterprise
EAP method: PEAP
CA Certificate:  don’t validate
Phase 2 Authentication: GTC

Attached is a screenshot from a Samsung phone showing the setup with the above options (in most cases you shouldn’t need to enter anything but the “CA Certificate” option)

This is what it looks like on an iPhone:

Windows and macOS are similar as well.  Once you configure eduroam at Baruch it will work anyplace eduroam is available.

For additional information about eduroam you can go to https://eduroam.org/ .

We look forward to being able to provide this service to the Baruch community as well as both CUNY and external visitors to Baruch.

New and returning students frequently have challenges connecting to WiFi at the start of the semester. BCTC identified a timing issue that was affecting the ability of students to connect with their Baruch username and password; we have adjusted the parameters on the WiFi network and we believe we have improved that situation.

If you do not know your Baruch username and password, you can reset it at https://mypassword.baruch.cuny.edu/ if you have previously set your password recovery items there; you can also contact the BCTC Helpdesk who can assist in resetting the password.

It is impossible for BCTC to test for connectivity for every device and every combination of operating system, network drivers, etc. If you know you have the correct password and still are not connecting reliably you should make sure you’re running the most recent version of whatever operating system you have, and if there are separate network drivers available for your device you can upbrade those as well. BCTC can assist if necessary as well.

Effective August 1st, 2022, CUNY CIS has disabled M365 Basic Authentication for all CUNY accounts.

What this means is that older clients and methods of access to the CUNY M365 environment (this includes faculty/staff email through the “CUNY tenant” and all student access to M365 including baruchmail.cuny.edu) no longer work. This change is necessary both to improve security of the M365 environment and allow for the enforcement of multifactor authentication (which was previously enabled for student accounts and will be enabled for faculty and staff accounts shortly.)

Among other things this affects it affects people who are using the Gmail POP3 importer. Gmail has not updated this interface to use modern authentication, and if they do not before October 1st 2022 when Microsoft will completely disable basic authentication for all Microsoft accounts it will stop working for everyone. Users who are affected can read their CUNY email via the web client, the native M365 support in iOS and Android (both of which support modern authentication), the Outlook client (for Mac, Windows, iOS or Android), or any other application that supports modern authentication (also known as OAuth) for POP or IMAP. POP and IMAP access is still enabled when modern authentication is used.

This change is necessary because of the high number of compromised accounts we have seen. If you have received messages from a CUNY address that are scams (these are often employment scams) you know the impact of having accounts that are easily compromised. Enabling modern authentication both reduces the likelihood of this occurring and allows us to fully enforce multifactor authentication which further reduces the chance of account compromise.

Please note that basic authentication was already disabled for faculty and staff M365 accounts in June.

1. Open the “Mail” app:
   
2. If this is the first account you’re entering, you’ll be prompted to add the account, otherwise you’ll need to manually add a new account. Select “Microsoft Exchange”:
   
   
3. Enter your name and your CUNY Login ID in the box and click “Sign In”:
   
4. At the next screen, click “Sign In” again:
   
   
5. You will be presented with the CUNY Web Applications Login, log in with your CUNY Login ID and password:
   
   
   
   
6. Click the apps you want synced to your “Mac” and then click “Done”:
   
   
   
7. The last step is to ensure that your Baruch email address is used for outgoing messages. In Mail, go to the “Mail” menu and select “Preferences”:
   
   
   
8. In the Preferences window, you’ll see the new account you added. Click on the email address and select “Edit Email Addresses”:
   
   
   
   
   
   
9. In the list of email addresses, simply click on the @login.cuny.edu address and change it to your @baruch.cuny.edu email address (note: you will not be able to use an email address for which you are not authorized):
   
   
   
   
10. Once that is completed you should be able to use the Mail app to send and receive email from your Mac.
    

Most Android devices have a “Mail” or “Email” application that can be used to read your Microsoft 365 email. These screenshots were taken on a Galaxy S21 Ultra but the instructions should be similar on any Android device running a current version of Android.

1. Open the “Email” app on your device.
2. You should get an option to “Set up Email”. Pick the “Office 365” option:
   

At the “Sign In” screen, enter your CUNY Login ID (firstname.lastnameXX@login.cuny.edu):

You will be taken to the CUNY Web Applications Login page, where you will login with your CUNY Login ID and password:

Once you log in you may get a permissions dialog from Microsoft asking you to authorize the Email app to have access to your Microsoft 365 account. Click “Accept”:

The Android Email app will then ask you to authorize M365 to be able to configure your device. You should click “activate” here:

You’ll then get a screen asking how much mail you want downloaded to the device, and whether or not calendars, contacts, and tasks should sync to your device. Selectd your desired settings and click “Done”:

Your email app is now configured for use with your Baruch M365 account.

As of May 3rd, 2022 all faculty and staff users are using Microsoft 365 for their Baruch email address (@baruch.cuny.edu).

To configure Outlook to use M365, first download and install Office from http://www.office.com after logging in with your CUNY Login. Then start Outlook on your computer. You will get a screen where you should enter your baruch.cuny.edu email address:

When you enter your email address you may be prompted with a CUNY Web Applications Login dialog; if so, enter your CUNY Login ID and password:

Once complete you will get a dialog showing your the email address. Select “Done”:

You can then restart Outlook normally, and your email should appear within Outlook.

BCTC has developed and tested the strategy for resolving the remaining email and calendar transition issues and will be deploying it to administrative offices over the coming days.

The steps include building a new Outlook profile that only talks to Microsoft 365 and making the baruch.cuny.edu address primary there. We are also simplifying access to shared mailboxes.

We are working to deploy this solution as quickly as possible to all administrative offices; we will be coordinating with divisional vice presidents to schedule on a per-office basis (as defined by the VPs and relevant managers). We need all staff in an office to be available in person or remotely accessing their office computer when the transition is made. Even though most of the changes will be deployed automatically, we will be available via Zoom during an office’s cutover to ensure that users can log in and access email, as well as configure access to any shared mailboxes.

If you have not been able to migrate your email to the new system, you will be instructed to access it through webmail at https://mymail.baruch.cuny.edu/ for the time being. We are nearing the ability to complete migrating maliboxes in an automated fashion in the background, a process that may take several weeks but will happen with no additional user intervention.