Re: [External] [SECURITY] MFA in classrooms

["Menne, Michael S" <000002306ce3cd04-dmarc-request () LISTSERV EDUCAUSE EDU>]

We have explicitly stayed away from conditional access policies for MFA to create less confusion and given the 
complexities of maintaining them in our environment.

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
Cell: (507) 405-0717
https://mankato.mnsu.edu/cyberaware

[signature_1922465205]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Gregg, 
Christopher S." <csgregg () STTHOMAS EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, April 30, 2021 at 1:07 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] [External] [SECURITY] MFA in classrooms

We exempt MFA for Office365 from on campus.  Other systems with sensitive category data require MFA from everywhere.  
Many academic focused systems do not have MFA at all (yet anyway).

We are hoping to look into creating more granular, flexible MFA rules using Conditional Access in the near future as we 
revisit things for our longer term remote work plans.

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Innovation & Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | 
stthomas.edu<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.stthomas.edu%2F&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C3f6b4fd2c00e454d14e008d90c02a0fa%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637554028302327695%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OZn2Ux%2FN6clNNg4adFAzkQz%2Bw6JZ8PcqThkFjTjQaT8%3D&reserved=0>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mark Reboli
Sent: Friday, April 30, 2021 12:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] MFA in classrooms

All, I am wondering how others have addressed access by faculty in classrooms to resources that require MFA:

Do you require MFA in classrooms?

If you do not, how do you address this area?

Thank you.

M

Mark Reboli
Network/Telecom/IT Security Manager
Misericordia University
301 Lake Street Dallas, PA 18612
(570)674-6753

This e-mail and accompanying attachments are confidential.  The information is intended solely for the use of the 
individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication 
by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this 
message to the sender and delete all copies. Thank you for your cooperation.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C3f6b4fd2c00e454d14e008d90c02a0fa%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637554028302337648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=ypMJ7TUvUe68bbeQAE5pn%2BMJbcVo1EKM4jU42LRbbj0%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C3f6b4fd2c00e454d14e008d90c02a0fa%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637554028302337648%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=ypMJ7TUvUe68bbeQAE5pn%2BMJbcVo1EKM4jU42LRbbj0%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community