Introduction of Multi-Factor Authentication and Cisco AnyConnect

Back to news16/06/2023

Introduction of Multi-Factor Authentication and Cisco AnyConnect

Recent IT security incidents have accelerated the process through which IT aims to enhance the security of our monitored systems.

Systems belonging to the Microsoft universe (such as Outlook, Teams, SharePoint, etc.) allow the introduction of multi-factor authentication, which IT has already tested in certain areas. Using the experience gained from these test implementations, we will gradually introduce the service to all Microsoft accounts, including student accounts, between July 6 and September 1, 2023.

We will maintain continuous communication regarding this matter with the relevant areas, as well as directly with colleagues and students. Overview of Microsoft MFA: This is similar to what banks require for online purchases. A second level of authentication must be performed before a transaction is executed.

Two-step verification makes it more difficult for unauthorized individuals to access protected Microsoft accounts. The service verifies identity in two ways: first with a password and then by providing a contact method (also known as security information). Even if someone obtains the password, they cannot log in without access to the security information. Therefore, it is important to use different passwords for each account.
Within the university’s secure network, whether using wired, Wi-Fi, or VPN connections, only a password will be required as before. This means that office, classroom, or laboratory machines used within the university premises will continue to be accessed in the usual manner.
Outside the university’s secure network, login will only be possible by using the preconfigured second step, which can be a mobile app confirmation, SMS, or phone call. However, if these options are not available, login will fail. Similarly, if the mobile phone is not accessible or the device is not connected to the internet, etc., access will be denied. In such cases, the account will not be accessible, and email, Teams calls, etc., will not be possible.

IT will implement the service mandatory for all Microsoft accounts under its supervision, without exceptions. Once the events described in the previous section are realized, IT will not override or change the configured parameters.

For office, classroom, or laboratory machines used within the university premises, login will continue to require only a password in the usual manner. IT can activate the service, and you will be able to activate it yourself when you leave the university’s secure network.

You can find Microsoft’s description of the service here. The informational material about the possibilities of setting up the Microsoft Authenticator is attached here.