[Campus Notice] Action Required: Initiate Multi-Factor Authentication for Your ORG Unit Email Account

UCR Information Technology Solutions tech-bulletin at lists.ucr.edu
Tue Dec 3 14:17:51 PST 2024 

Key Takeaways:

   -

   Multi-factor authentication (MFA) is now enabled on the ORG unit email
   account/s you own/manage.
   -

   Anyone who accesses your ORG’s shared email account is required to
   authenticate their login via MFA, similar to how you access your individual
   UCR email account.
   -

   If you use the ORG unit email account to log into any other services
   (e.g., Zoom), please note that it will also require MFA authentication.
   -

   The owner of the ORG unit email account must act now to ensure the
   account can continue to be accessed. Additional action may be required
   of other account users depending on the option selected.


Dear Highlander,

You are receiving this communication because you were identified as an
owner or manager of one or more organizational (ORG) email accounts at UC
Riverside. As we have communicated previously, in direct response to the UC
Cybersecurity Mandate <https://its.ucr.edu/cybersecurity-mandate-2025>, UCR
is further securing its email resources by implementing multi-factor
authentication (MFA) on all accounts, including ORG email accounts. This
change was implemented on December 2, 2024.
Action is Required

If you were not able to initiate the MFA setup for your ORG unit email
account ahead of the change, please act now to continue accessing your
account. The account owner has two options for compliance:


   -

   Option One: Turn your ORG unit email account into a shared department
   email. Instead of a singular email account that has one set of password
   credentials that is shared among team members, a shared department email
   allows for access delegation so that each team member can use their own
   individual credentials to access the mailbox.
   -

      Considerations: The benefit of this option is that the team will not
      need to register multiple devices with the account to access it. The
      disadvantage of this option is that it will not work if your
team uses the
      account to log into MFA-protected services like Zoom or Google Drive.
      -

      To select this option, fill out the request form
      <https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=b98274261bfe6810609f86e9cd4bcbfd>.
      Under “type of request,” select either Office 365 or R’Mail, depending on
      the email platform you are currently using. Please note in the
description
      that this is to bring the account into MFA compliance.
      -

   Option Two: Set up MFA for your ORG’s shared email account. With this
   option, those with the account credentials will continue to use those
   credentials, however, upon login they will be routed to the Duo page and
   asked to select a device for the MFA verification. This requires each user
   of the account to have a device connected to the account.
   -

      Considerations: This option should be selected by teams that require
      the ability to use the ORG unit account to log into
MFA-protected services
      like Zoom or Google Drive (rather than using their individual UCR
      accounts). The disadvantage of this option is that every person who needs
      to access this account must register a device with the account
or else they
      will have no means of authenticating.
      -

      To select this option, the account owner must submit a ticket
      <https://its.ucr.edu/help> to request MFA be set up for their ORG’s
      email account. After MFA is enabled, each team member who accesses the
      account must register a device.


If your ORG unit’s email account is already enrolled in MFA, please
disregard this message. If you have questions or concerns about the change,
or if you need assistance in accessing your ORG email account, please call
BearHelp support at (951) 827-4848 (Monday to Friday, from 8:00 am to 5:00
pm).

We appreciate your partnership as UCR strengthens its information security.
Implementing robust MFA on all accounts is one of the key steps in UCR’s
security plan to meet the new UC-wide cybersecurity requirements. To learn
more about these requirements and the role you play in helping us better
protect our campus, please visit the UC Cybersecurity Mandate 2025 webpage
<https://its.ucr.edu/cybersecurity-mandate-2025>.


Sincerely,

Dewight F. Kramer

Chief Information Security Officer

Sureyya Tuncel

Identity and Access Management Manager

Information Technology Solutions
University of California, Riverside





This email account is not monitored by ITS staff. If you require technical
support, please take one of the following actions:


   - Visit the ITS website at its.ucr.edu to find self-help articles,
   submit and track support tickets, request IT services, and more.
   - For live support, you can contact the BearHelp helpdesk at
   951-827-4848 from Monday to Friday, 8:00am to 5:00pm.
   - If you suspect you received a phishing email, please report it using
   PhishAlarm <https://its.ucr.edu/phishalarm>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucr.edu/pipermail/tech-bulletin/attachments/20241203/1582b017/attachment-0001.html>

More information about the Tech-Bulletin mailing list