Skip to main content

IT Project: Securing Northwestern Email

Project Status

May 2021: Phase One of the Securing Northwestern Email Project is complete. In collaboration with University schools and administrative units, Northwestern IT has completed the implementation timeline for applying the two security updates included in the scope of the project: activating Duo Multi-factor Authentication for Microsoft 365 (formerly Office 365 of O365) and decommissioning support for Basic Authentication on Microsoft 365 applications.

Project Timeline

Implementation Timeline

Project Charter

Background

The project work aligns with Microsoft's plans to end support for Basic Authentication in 2021. This outdated sign-on protocol relies on sending user names and passwords—often stored on or saved to a device—with every request for connection to systems and applications, increasing the risk of attackers capturing users' credentials. As most users' devices are already configured with Modern Authentication—an upgraded and more secure sign-on protocol—community impact is minimal.

The project also furthers Northwestern IT's work to provide Multi-factor Authentication technology, adding a critical extra layer of login protection for Northwestern systems. The University continues to be proactive in using various technologies to further protect personal employee data and the data of the entire University community. As members of the University community, it is everyone's responsibility to take steps to protect your NetID and password, which ultimately protects access to sensitive information on Northwestern administrative and departmental data systems.

Goals and Objectives

The Securing Northwestern Email project is part of Northwestern IT's continued commitment to maintaining consistent, effective, and secure delivery of services for the University community in a way that meets their needs efficiently, enabling them to be productive, while also safeguarding University data and information. It seeks to provide:

The primary goal of the Securing Northwestern Email project is to continue to strengthen the security for Northwestern-managed email accounts. Specifically, we are introducing two changes that will reduce the impact of compromised email accounts:

Approach

The project will be accomplished in three phases:

Discovery: June 2020-August 2020

Pilot period to develop support documentation and identify known issues

Planning: August 2020–November 2020

Coordination with University schools and units to finalize the timeline and strategic process

Implementation: Fall 2020–Spring 2021

Partnering with University schools and units to deploy implementation beginning in late November 2020. All Northwestern University accounts will receive these changes by spring 2021.

Project Timeline

Phase  Description Target Date Status
Discovery

Conduct pilots, garner feedback, finalize support documentation  

June – August 2020     Completed  
Planning

Collaborate with schools and units to determine timeline and process  

August – December 2020    Completed
Implementation Work with schools to deploy the changes to all remaining University accounts November 2020 – April 2021   Completed

Last Updated: 11 May 2021

Get Help Back to top