UConn Audit and Management Advisory Services (AMAS) recently completed a review of our Microsoft 365 tenant. This is a dedicated instance of Microsoft 365 services for our institutional data stored within a specific location, such as Europe or North America. AMAS tested our tenant using the Center for Internet Security (CIS) industry standard benchmark. They provided specific findings and recommendations pertaining to increasing environment security. ITS concurs, and we will be making changes that impact the frequency of authentication, access to external apps and providers, and recordings in Teams. Below is the full list of changes and whom they affect.
For administrators:
· Sign in will expire after 24 hours and require reauthentication to resume.
· Microsoft multi-factor authentication will be required to log in
For UConn community:
· Browser sessions will timeout after one hour of inactivity on devices not managed by UConn or on an Apple device. The option to remain signed in will be disabled. This change will not apply to Microsoft 365 use through a desktop client.
· LinkedIn account connections to UConn Microsoft accounts will be disabled.
· Access to user-owned apps and services in the Microsoft Office Store will be disabled.
· Individual participants will be required to provide consent when a Teams meeting recording and/or transcription is initiated. If they do not, they will be able to view and hear the meeting, but their microphone and video will be disabled.
We are tentatively planning to implement these updates on Tuesday, August 13th. Where practical, changes will be implemented for ITS first so that we can make any necessary adjustments before wider adoption. We will broadly communicate to the community in August.