IT Project: Securing Northwestern Email

Project Status

May 2021: Phase One of the Securing Northwestern Email Project is complete. In collaboration with University schools and administrative units, Northwestern IT has completed the implementation timeline for applying the two security updates included in the scope of the project: activating Duo Multi-factor Authentication for Microsoft 365 (formerly Office 365 or O365) and decommissioning support for Basic Authentication on Microsoft 365 applications.

Project Charter

Background

The project work aligns with Microsoft's plans to end support for Basic Authentication in 2021. This outdated sign-on protocol relies on sending user names and passwords—often stored on or saved to a device—with every request for connection to systems and applications, increasing the risk of attackers capturing users' credentials. As most users' devices are already configured with Modern Authentication—an upgraded and more secure sign-on protocol—community impact is minimal.

The project also furthers Northwestern IT's work to provide Multi-factor Authentication technology, adding a critical extra layer of login protection for Northwestern systems. The University continues to be proactive in using various technologies to further protect personal employee data and the data of the entire University community. Every member of the University community is responsible for taking steps to protect their NetID and password, which ultimately protects access to sensitive information on Northwestern administrative and departmental data systems.

Goals and Objectives

The Securing Northwestern Email project is part of Northwestern IT's continued commitment to maintaining consistent, effective, and secure delivery of services for the University community in a way that meets their needs efficiently, enabling them to be productive, while also safeguarding University data and information. It seeks to provide:

  • Further protection of sensitive data, even in the event that a user NetID and password become compromised
  • Mitigation against phishing attacks by preventing access to sensitive information
  • Convenient security functionality on and off campus, via a variety of device types

The primary goal of the Securing Northwestern Email project is to continue to strengthen the security for Northwestern-managed email accounts. Specifically, we are introducing two changes that will reduce the impact of compromised email accounts:

  • Activating Duo Multi-factor Authentication (MFA) for Microsoft 365 (formerly Office 365 or O365) applications—This enhancement impacts all students, faculty, staff, and affiliate accounts, as each Microsoft 365 application is in scope—including Outlook email, Teams, SharePoint, OneDrive, and Excel, among others. Authenticating with Duo MFA on Microsoft 365 will work the same way it does on other prominent, secure systems across Northwestern.
  • Decommissioning support for Basic Authentication on Microsoft 365 applications—Most users' devices are already configured with Modern Authentication and will not notice any impact in access or use of Northwestern email or other Microsoft 365 applications. However, those who are using an older version of Outlook, or accessing email using something other than Outlook, may need to take action to ensure there is no disruption to email access from their computers and mobile devices.

Approach

The project will be accomplished in three phases:

Discovery: June 2020–August 2020

Pilot period to develop support documentation and identify known issues

Planning: August 2020–November 2020

Coordination with University schools and units to finalize the timeline and strategic process

Implementation: Fall 2020–Spring 2021

Partnering with University schools and units to deploy implementation beginning in late November 2020. All Northwestern University accounts will receive these changes by spring 2021.

Project Timeline

| Phase | Description | Target Date | Status |
|---|---|---|---|
| Discovery | Conduct pilots, garner feedback, finalize support documentation | June – August 2020 | Completed |
| Planning | Collaborate with schools and units to determine timeline and process | August – December 2020 | Completed |
| Implementation | Work with schools to deploy the changes to all remaining University accounts | November 2020 – April 2021 | Completed |