Starting on August 1, 2022, ITS is turning on extra protection on Microsoft 365. If our systems detect behavior on your account that indicate someone has stolen your NetID and password, you will receive a Duo two-factor authentication (2FA) prompt when you log in to a Microsoft 365 application, such as OneDrive (file storage) or Outlook (email). If you are the one logging into your account and you receive the Duo prompt, simply accept it to gain access to your account. If you receive a prompt for a login that you did not initiate, then deny access and immediately change your password at netid.uconn.edu.
Why is ITS doing this?
Criminals use stolen credentials to attack accounts and cause harm to you and others. At a minimum, these account compromises are an inconvenience to rectify; at their worst, they can have devastating personal and financial repercussions. Adding Duo 2FA protection can drastically minimize the impact an account compromise.
What is considered a “high risk” behavior?
Microsoft 365 has a feature that can detect certain red flags that may collectively indicate an account has been compromised. These include, but are not limited to, signing in from a previously unknown location, atypical travel between locations, logging in from known risky IP addresses, and password attempts against multiple accounts from the same device.
Most account activity will not trigger this security feature. We expect that the high-risk challenges will occur infrequently, and the impact will be minimal.
How can you prepare?
We recommend that you have a mobile device enrolled as one of your second-factor devices so that you have the greatest flexibility. You can add and manage your devices on the 2FA portal.
For more information, contact: Technology Support Center at techsupport.uconn.edu