FDU-Secure uses current encryption standards to connect to the FDU wireless network via secure wireless traffic. This is an evolving technology and occasionally, one of the changes made by FDU IT requires us to issue a new certificate. When this occurs, you will need to accept the certificate using the process below.

How to Accept the New Certificate for FDU-Secure Wireless

1. Login to your Windows computer
2. Go to the bottom right taskbar > Click on the “Networks” icon:
   • From the Networks list, select: “FDU-Secure“
   • Click “Connect“
3. At the “Continue connection?” prompt, click “Connect“

4. Open your browser and test your Internet connection

1. Login to your Mac computer
2. Go to top right menu bar > Click “Wi-Fi” icon:
   • From the Wi-Fi list, select: “FDU-Secure“
   • Click “Join“
3. At the “Authenticating to network FDU-Secure” prompt, click “Continue“

4. Click “OK“
5. Open your browser and test your Internet connection

1. Login your iOS device (eg. iPhone)
2. Go to your device’s Settings App > Select “Wi-Fi” > Select “FDU-Secure” > Click “Forget This Network“
3. Tap the “Back” button and select “Wi-Fi “once again to reload the available Wi-Fi networks:
   • From the Wi-Fi list, select: “FDU-Secure“
   • Enter your complete FDU NetID as in the examples below: “username@fdu.edu, username@student.fdu.edu, username@alumni.fdu.edu”
   • Enter your FDU NetID Password
   • Click Join

4. At the “Certificate” prompt, tap “Trust“

5. Open your browser and test your Internet connection

1. Login to your Android Device
2. Open the “Settings” Application > Select “Wi-Fi” > Select the Gear icon next to FDU-Secure

3. Select “Forget This Network“

4. Select FDU-Secure from the Wi-Fi menu

5. Select “EAP method” and select “PEAP” from the dropdown menu
6. Enter your complete FDU NetID and password
7. In the “CA Certificate” field, select “Use System Certificates”
8. In the Domain field, enter fdu.edu
9. Enable “Auto Reconnect“
10. Tap “Connect”

11. Open your browser and test your Internet connection

Revision Date: New Policy
Effective Date: 11/1/2023

Section A – University Systems and Applications

I. Purpose

The purpose of this policy is to establish information security standards for individuals receiving credentials to Fairleigh Dickinson University (“FDU” or “University”) resources and how those resources are accessed.

II. Scope and Applicability

This policy applies to all university system resources. All Users are responsible for adhering to this policy.

III. Definitions

Capitalized terms shall have the meaning ascribed to them herein and shall have the same meaning when used in the singular or plural form or any appropriate tense.

1. Account: An established relationship between a User and a computer, network, or Information System which is assigned a credential such as a username and password.
   
2. System Administrative Account: An Account with elevated privileges intended to be used only when performing management tasks, such as installing updates and application software, managing user accounts, and modifying operating system and application settings.
   
3. Entitled Account: A user who has met the minimum requirement to be granted authorization to access electronic Fairleigh Dickinson University Resources.
   
4. Authorized User: A User who has been granted authorization to access electronic Fairleigh Dickinson University Resources and is current and active in their privileges.
   
5. Contractor or Vendor: A person or a company that undertakes a contract to provide materials or labor to perform a service.
   
6. Employee: University staff faculty and adjunct, including nonexempt, exempt, and overseas staff and collegiate faculty.
   
7. Multi-Factor Authentication (MFA): Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric).
   
8. Privileged Account: An Account that is authorized to perform security-relevant functions that an ordinary Account is not authorized to perform.
   
9. Single Sign-On (SSO): An authentication process that allows an Authorized User to access multiple applications with one set of login credentials. SSO is a common procedure in enterprises, where a client accesses multiple resources connected to a local area network (LAN).
   
10. User: A member of the University community, including but not limited to Staff and Faculty, and other individuals performing services on behalf of University, including Contractors, volunteers and other individuals who may have a need to access, use or control University Data.

IV. Authentication

1. Any service, application or Information System, whether on-premise or in the cloud, that contains WISP protected information, especially PI or PHI; OR is accessed by a large group of employees (20 or more), must use Single Sign-on authentication.
   
   • If the service or application is being provisioned by a business unit, the unit must engage University Systems to work with the provider to enable SSO.
     
   • If SSO is not supported by the service or application, it will not be approved for use by the university.
     
   • See Section V for exceptions.
     
2. Multi-factor authentication (MFA) must be used to access University resources.
   
3. Passwords must be constructed in accordance with the minimum requirements as listed below:
   
   • Authorized User Account passwords must meet a minimum length of 8 characters.
     
   • Administrative and Privileged Account passwords must meet a minimum of 10 characters.
     
   • Passwords must contain a mix of alphanumeric characters. Passwords must not consist of all digits, all special characters, or all alphabetic characters.
     
   • Automated controls must ensure that passwords are changed at 90-day intervals for both general users and administrative-level accounts.
     
   • NetIDs associated with a password must be disabled for a period of time after 10 consecutive failed login attempts. A minimum of 30 minutes is required for the reset period.
     
   • Passwords must not be the same as the NetID.
     
   • Passwords must not be displayed on screens.
     
   • Users must not share passwords.
     
   • Initial passwords and password resets must be issued pre-expired forcing the user to change the password upon first use.
     
   • Password reuse must be limited by not allowing the last 10 passwords to be reused. In addition, the password must be at least 2 days old in order to be voluntarily changed.
     
   • Access will be disabled 90 days past the date that a password expired if not changed.
     
   • Access will be disabled after 30 days of creation if NetID is not claimed.
     
   • Expired passwords must be changed before any other system activity is allowed.
     
4. Server Password Protocol
   
   • If, at any time, a member of the Community is granted permission to install a server, and access to that server is restricted via Login, and if that process is granted SSO exception through section VII., that system can not hold passwords in clear text. That system must use an approved irreversible cryptographic transform to protect its users’ passwords.

VI. Enforcement

• This policy will be enforced by technical controls wherever feasible; otherwise, this policy will be enforced by OIRT under the direction of the CIO. All members of FDU’s faculty and staff have a responsibility to promptly report any known instances of noncompliance to AVP of University Systems and Networking or the Director of Systems.
  
• Failure to comply with this policy can result in disciplinary action. Any such discipline shall be in accordance with processes and procedures of Human Resources and subject to any protections afforded under the University’s agreement with “Office & Professional Employees International Union”, the “Faculty Handbook”, and similar documents. Third parties who violate this Policy may have their relationship with the University terminated and their access to campus restricted.

VII. Exceptions

• Exceptions to this policy should be submitted to the AVP, USAN for review. Approval of the Chief Information Officer (CIO) or Data Security Incident Response Team (DSIRT) may be required.

---

Effective Date: 11/07/2023
Last Revision: 11/01/2013

Select employees of Fairleigh Dickinson University may be required to engage with confidential University data. The FDU Confidentiality Agreement and Security Policy defines your obligations under Federal and State guidelines to preserve the security and confidentiality of this information.

Confidentiality Agreement and Security Policy

Fairleigh Dickinson University regards the security and confidentiality of data and information to be of utmost importance. Each individual granted access to electronic and/or hard copy data holds a position of trust and must preserve the security and confidentiality of the information to which he/she is granted access to. Therefore, it is the intent of this policy to ensure that University data, in any format, is not divulged outside of Fairleigh Dickinson University without explicit approval to do so by an Associate Vice-President of the University or higher who has responsibility for the data in question. As such, the University requires all users of data to follow the procedures outlined below:

Policy on Confidential Information

Users of University data are required to abide by all applicable Federal and State guidelines and University policies regarding confidentiality of data, including the Family Education Rights and Privacy Act (“FERPA”) and, as applicable, The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). For more information, see: FDU’s General Confidentiality Policy, FERPA and HIPAA. 

Confidential Information shall be defined as:

• regarding student, faculty or staff: any personally-identifiable records, financial records (including social security and credit card numbers), health records; contracts, research data; alumni and donor records; personnel records other than an individual’s own personnel record; 

• regarding the University: University financial data; computer and system passwords, University issued PINS, University proprietary information/data; and 

• any other information for which access, use, or disclosure is not authorized by: 1) federal, state, or local law; or 2) University policy.

The individual receiving the Confidential Information shall have no obligation under this Policy with respect to Confidential Information which:

• is or becomes publicly available without breach of this Policy by the recipient;
• is rightfully received by the recipient without obligations of confidentiality; or
• is developed by the recipient without breach of this Policy; provided, however, such Confidential Information shall not be disclosed until thirty (30) days after written notice of intent to disclose is given to the University officer who has responsibility for the data in question, along with the asserted grounds for disclosure;
• is disclosed in accordance with any “whistle blower” action as provided in the U.S. False Claims Act, the New Jersey Conscientious Employee Protection Act (“NJCEPA”), or similar legislation.  (Brief overview of the NJCEPA is available here.

Any individual with authorized access to the Confidential Information is given access solely for the business of the University and must not divulge the Confidential Information outside of the University except for University business requirements approved by the President of the University or the division head responsible for the data in question. Specifically, with respect to Confidential Information, individuals must:

1. Access Confidential Information solely in order to perform his/her job responsibilities.
2. Not seek personal benefit or permit others to benefit personally from any Confidential Information that has come to them throughout their work assignments.
3. Not make or permit unauthorized use of any Confidential Information in the University’s information system or other records.
4. Not enter, change, delete or add data to any information system or files outside of the scope of their job responsibilities.
5. Not include or cause to be included in any record or report, a false, inaccurate or misleading entry known to the user as such.
6. Not alter or delete or cause to be altered or deleted from any records, report or information system, a true and correct entry.
7. Not release Confidential Information other than what is required in completion of job responsibilities which is consistent with this Policy.
8. Not exhibit or divulge the contents of any record, file or information system to any person unless it is necessary for the completion of their job responsibilities.

It is the individual’s responsibility to immediately report, as outlined under “Information Security Breach and Violation Reporting” at the end of this Policy, if the individual has violated this Policy. Additionally, given the potential harm that the University may suffer with the release of any Confidential Information, all employees are strongly encouraged to report any suspected violation of this policy or any other action, which violates confidentiality of data, as outlined at the end of this policy.

Security Measures and Procedures

All users of University information systems, including Datatel, MS File shares and FDU Office 365 email accounts, are supplied with an individual user account to access the data or systems necessary for the completion of their job responsibilities. Users of the University information systems are required to follow the procedures outlined below:

1. All transactions, processed by a user ID and password, or PIN, are the responsibility of the person to whom the user ID was assigned. The user’s ID, password, and PIN must remain confidential and must not be shared with anyone.
   • Using someone else’s user ID, password or PIN is a violation of policy, no matter how it was obtained.
   • Your user ID, password or PIN provides access to information that has been granted specifically to you.  To reduce the risk of shared passwords – remember not to post your password or PIN on or near your workstation or share your password or PIN with anyone.
   • It is your responsibility to change your password immediately if you believe someone else has obtained it.

NOTE: If you need your Password or PIN changed, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) immediately.

2. Access to any student or employee information (in any format) is to be determined based on specific job requirements. The appropriate Department Chair, School Director, Department Director/Manager, Dean, Provost, and/or Vice President is responsible for ensuring that access is granted only to authorized individuals, based on their job responsibilities. Written authorization must be received by the Computer Center prior to granting system access.
   • You are prohibited from viewing or accessing additional information (in any format) unless you have been authorized to do so.  Any access obtained without written authorization is considered unauthorized access.
   • In order to prevent unauthorized use, the user shall log off of all applications that provide access to confidential information, or lock their computer when leaving their workstation. This is especially important during breaks and lunch. Unless there is a specific business need, all workstations should be shut down at the end of the workday.

NOTE:  If you require assistance in establishing your workstation password, please access the screensaver documentation or contact the Fairleigh Dickinson University Technical Assistance Center (UTAC).

3. If you have any reason to believe your password or PIN has been compromised or revealed inadvertently, you should change your password and immediately notify one of the individuals as outlined under “Information Security Breach and Violation Reporting” at the end of this policy.

NOTE: All University’s computer system will periodically prompt you to change your password.

4. Upon termination or transfer of an employee, Human Resources will notify University Systems and Security, who in turn will notify the appropriate areas in the Computer Center.

5. Generally, students, temporary employees and consultants should not have access to the University record system. Written approval by the Department Chair, School Director, Department Director/Manager, Dean, Provost, and/or Vice President in charge of the respective area is required if it is determined that access is required. The student, temporary employee or consultant is to be held to the same standards as all University employees, and must be made aware of their responsibilities to protect student and employee privacy rights and data integrity. Written authorization must be received by the Computer Center prior to granting system access.

6. You agree to properly secure and dispose of any outputs or files you create in a manner that fully protects the Confidential Information.

Additionally, I understand that if granted access to process transactions via Datatel data entry screens, any information I enter or change will be effective immediately. Accordingly, I understand that I am responsible for any changes made using my ID.

I understand that my access to University data is for the sole purpose of carrying out my job responsibilities and Confidential Information is not to be divulged outside of The University, except as previously stated. Breach of confidentiality, including aiding, abetting, or acting in conspiracy with any other person to violate any part of this policy, may result in sanctions, civil or criminal prosecution and penalties, employment and/or University disciplinary action, and could lead to dismissal, suspension or revocation of all access privileges. I understand that misuse of University data and any violation of this policy or the FERPA, HIPAA or GLB policies are grounds for disciplinary action, up to and including dismissal. This Agreement shall not abridge nor supersede any rights afforded faculty members under the Faculty Handbook.

Information Security Breach and/or Policy Violation Reporting

If you suspect an Information Security Data Breach or a violation of this policy, report such an event to your department chair or staff supervisor and send an immediate email to violation@fdu.edu. If you do not have immediate access to email, contact the Fairleigh Dickinson University Technical Assistance Center (UTAC); do not provide details but request a ticket be opened with University Systems & Security due to an information security data breach or policy violation requesting an immediate callback. When practical, also send an email to violation@fdu.edu.

---

Backup Alert Email Notifications

CrashPlan Backup will send users an email alert notifying them of any incomplete backups of their devices.

• The CrashPlan Backup email alert will be sent from “CrashPlan <noreply@crashplan.com>”
• The Subject line of the email will be labeled with: “[External]Critical: [Name of Device] not backed up“

Backup Alert

You will receive an alert when your computer hasn’t backed up to CrashPlan for 5 calendar days. The email will look like the example below:

What to do if you get a backup alert

After receiving a CrashPlan Backup alert email, you should locate the device the email specifies in need of backup. The CrashPlan Backup device name will be listed in the Subject: line and Computer Name: line of the CrashPlan backup alert email.

To locate the name of a CrashPlan Backup device:

1. Click the CrashPlan Backup icon in the Windows System Tray, also referred to as the notification area.

CrashPlan Backup icon

1. Click “Run Backup now“

Ensure the CrashPlan backup application displays the same name as the CrashPlan Backup alert email you received.

After locating the correct specified device stated in the CrashPlan backup alert email, force a backup of the device by performing the following:

1. Click the “CrashPlan Backup” System Tray or macOS menu bar Icon

CrashPlan Backup Icon

2. Click “Run Backup now“

The “remember me” option is displayed by Duo when you sign in with FDU NetID on the web. After providing your second factor for authentication, Duo will present you with a prompt asking if you would like to have this device remembered for future logins. Selecting “Yes, this is my device” sets the “remember me” status for Duo.

Use the “remember me” option to reduce how often you have to sign in with two-factor authentication (2FA) on the same web browser. It’s safe to use on trusted computers and lasts for 30 days.

Refer to our Duo Quick Start Guide below for instructions on using the “remember me” option within the context of the overall sign-in experience.

What is the “remember me” option?

The “remember me” option is a feature of Duo that tells your browser to remember that you have confirmed your identity using your 2FA device. If you confirm that “Yes, this is my device” when authenticating with Duo, you won’t have to use your 2FA device as often on that browser. For example, if you use it on your computer at work, it reduces how often you have to sign in with 2FA at work; but your laptop at home will still ask you to sign in with 2FA.

Why would I want to use it?

The “remember me” option saves you time and reduces distraction by reducing how often you have to use your 2FA device. If you routinely use the Duo callback method, it also saves the FDU money in telephony costs.

Is “Remember Me” safe? Doesn’t it defeat the purpose of 2FA?

The “remember me” option is safe to use on computers and devices that you can trust to protect your browser. It doesn’t defeat the purpose of 2FA because the convenience it provides is limited to each computer and browser that you choose to use it on. If you or anyone else tries to sign in with your FDU NetID on a different computer or browser, 2FA will be required.

How long does it last?

The “remember me” option lasts 30 days. It saves a secure cookie on your browser to track the time until you need to use your 2FA device again. If your browser clears cookies this will remove “remember me” until you re-select it.

Why is the “remember me” duration 30 days?

30 days is the current “remember me” duration because it is often enough to remind you that 2FA is turned on, but not so often to be annoying. While some institutions use shorter or longer durations, 30 days is a common duration at peer institutions.

How do I clear it on my current browser?

If the “remember me” option is enabled on the browser you’re using right now, clear your cookies for duosecurity.com. To clear it on other browsers, repeat this process on each of them.

How do I reset it on a browser I no longer control?

If you enabled the “remember me” option on a browser you no longer control, Please open a support ticket by clicking Support at the top of the page, or visiting samisupport.fdu.edu.

I’m using the “remember me” option, and I still have to use my 2FA device more often than every 30 days. Why is that?

Some system owners require you to reauthenticate with 2FA every time you access their systems for security, regardless of using the “remember me” option (workday for example). This can increase how often you have to sign in with 2FA. If you find you are regularly asked for 2FA on some sites despite the “remember me” option, but not other websites this is likely the cause. Other contributing factors include how many different computers you use, how many different browsers you use on these computers, whether or not you use the “remember me” option on all of them, how your browsers are configured to use cookies, and how often you clear your browser cookies.

Why do some system owners override the “remember me” option and reauthenticate me every time I sign in?

System owners decide to reauthenticate you based on what institutional and personal data they need to protect, and what threats and risks they need to guard against. Some of them reauthenticate you because they are concerned about unauthorized access from unattended browser sessions, and forcing you to reauthenticate is one way to re-establish that it’s you.

Why isn’t the “remember me” option working for me? Are there things that prevent it from working correctly?

The “remember me” option requires the use of browser cookies, so it may not work as expected in these circumstances:

• You are accessing a site that overrides the “remember me” option
  
• You cleared your browser cookies
  
• You started using a different browser
  
• You started using a different computer or device
  
• You are using a private browsing mode
  
• You disabled the use of browser cookies
  
• Your browser doesn’t allow cookies to be saved
  
• You use a browser extension that blocks cookies

Who will be affected?

This may affect FDU community users using Windows 7, Windows 8.1, Android Devices with Android OS version 9 or lower, and Apple devices with iOS versions that don’t support TLS 1.2.

Check if you are using the supported endpoints by reading the information below:

Windows

Supported Windows operating system (OS) versions will support TLS 1.2 by default. If you are running a supported Windows OS, no action is required.

Unsupported Versions for Windows Operating Systems

Check OS Version

• Open the Windows Search box and type “About your PC” and click on “Open“
• Under Windows Specifications, check which edition and version of Windows your device is running

Enabling TLS 1.2 on your Operating System

If your operating system was manually changed to disable TLS 1.2 for some reason, you can verify or configure your system for TLS 1.2.

Before making any changes, create a backup of the registry:

1. In the Windows Registry Editor, locate and click the “Protocols registry key” or “subkey“
   that needs to be backed up
2. Click “File”, then “Export”
3. In the Export Registry File dialog box, select the filename and location of where to save the backup
4. Click “Save”

After creating a backup of the registry, follow the steps below to enable TLS 1.2 on your system:

1. Click the Start menu, type “regedit” and press the Enter key. The Registry Editor window should be opened.
2. Navigate to follow the registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
3. Check if the subkey of TLS v1.2 is enabled for both the server and the client. Each protocol’s state is controlled by two keys: Enabled and DisabledByDefault
4. Make sure the Enabled value is 1 and the DisabledByDefault value is 0 or missing, the protocol is enabled.
5. If the Enabled value is 1 but the DisabledByDefault value is 1, the protocol is disabled by default – it will not be used unless another host explicitly requests it during negotiation.
6. If the Enabled value is 0, the protocol is disabled
7. Restart the system to ensure the new settings take effect

DUO Mobile

Supported Duo Mobile applications running on supported OS versions will support TLS 1.2+ by default. If you are running a supported Duo Mobile application on a supported OS, no action is required.

• Supported Android OS versions: Android 10.0 and greater
• Supported iOS versions: iOS 14.0 and greater

Web Browsers

Common web browsers like Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, etc. with their latest version are supporting TLS 1.2.

Chrome and Microsoft Edge

1. In the Windows menu search box, type “Internet Options”
2. In the Internet Properties window, on the Advanced tab, scroll down to the Security section
3. Make sure the “User TLS 1.2” checkbox is checked

4. Click “OK” and restart the browser

Mozilla Firefox

1. Open the Mozilla Firefox Browser
2. In the address bar, type “about:config” and press “Enter“
3. In the Search Field type “tls”. Find and double-click the entry for “security.tls. version. min”
4. Make sure the integer value is 3 to force a minimum protocol of TLS 1.2

5. Click “OK” and restart the browser

We understand that upgrading your device is not always an option. In these instances, you can still use Duo Passcodes to perform multi-factor authentication.

1. To use this method, select “Enter a passcode” upon receiving your browser’s Duo security prompt

2. Next, open the Duo app and click “Show”. This will provide a six-digit passcode which you can enter into the browser prompt

3. Enter the six-digit passcode from the DUO app and click “Log in”

Virtru email encryption is the preferred method to send and view encrypted emails and files with your FDU email address. Available for FDU Faculty and Staff upon request. Click the link below to request access to Virtru Email Encryption.

The Virtru Email Encryption Tutorial will help users navigate installation, basic use, different usage scenarios, and common technical questions.

Alternative Approved Methods for Encryption

If you are not approved for Virtru email encryption, the articles below are alternative, FDU OIRT and DSIRT approved methods for encrypting Microsoft Office and Adobe PDF files and comply with the University WISP.

Virtru email encryption is a security enhancement to FDU’s Office 365 and Microsoft Outlook email environment, which provides Faculty and Staff the option of sending and receiving encrypted emails using their FDU email account.

Section – About

Part : About Virtru Email Encryption

What is Virtru Email Encryption

Virtru email encryption is a security enhancement to FDU’s Microsoft Office 365 and Microsoft Outlook email environment, which provides Faculty and Staff the option of sending and receiving encrypted emails using their FDU email account. Virtru for the Microsoft Outlook desktop email client is available for installation for approved FDU Faculty and Staff via the FDU Self Service Portal for Software on Windows 10 desktops and laptops owned by the University.

Virtru Email Client

The Virtru client provides a seamless experience when using the Microsoft Outlook desktop client. The Virtru Outlook plugin is only available on university laptops or desktops running Microsoft Windows.

Virtru for Office365

All Apple macOS users and users who access their FDU email through Office 365 can use Virtru email encryption to send sensitive information electronically.

What is Virtru Secure Reader?

Virtru’s Secure Reader is a platform that can be accessed within FDU’s Outlook on the Web (office365.fdu.edu) and right on your web browser by clicking the “Unlock Message” button in your Virtru secured email. From there, all you have to do is quickly validate you are an authorized recipient of that email or file. Once complete, you can read and reply to the secure email directly in your browser.

A secure message encrypted by Virtru will have a few key components, including a short unencrypted message from the sender, and a button that says “Unlock Message”.

Request Form

To obtain access to Virtru in order to send encrypted emails, you must fill out the request from below:

For additional support, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC).

Section – Installation and Activation

Part : Installing Virtru onto a University PC

Installing Virtru onto a University PC

Part : Activating Virtru on a University PC

Activating Virtru on a University PC

1. When you open Microsoft Outlook after the Virtru has been installed, you will be prompted to activate your Virtru plugin. Click “Activate“ to begin. You may choose “Later” if you do not wish to activate at this time

2. You will be presented with a list of FDU email accounts configured to use in Microsoft Outlook. If your Microsoft Outlook application is associated with multiple email accounts, click on only those you will need to use Virtru email encryption. Then click “Continue“

3. After selecting the proper accounts, you will have the choice of signing in with FDU’s email provider (Microsoft Office 365) or choosing to receive an activation email. Choose “Sign in with Office 365“

Activating Virtru through Office 365 Sign in

1. Enter your FDU NetID credentials when prompted and proceed through the FDU Single Sign-on webpage, including completing Duo Multi-Factor authentication. If you experience issues, choose to “Send me an activation email” and follow the directions given below in item

Activating Virtru through Activation Email

1. If you are unable to activate your account(s) using “Sign in with Office 365,” choose to “Send me an activation email.” The process will take a few moments to complete in the background

2. During this process, Virtru will send a unique email from noreply-activation@virtru.com to your mailbox. The Virtru plugin will search for this email in your inbox. When the activation email is found, Virtru will automatically delete the email from your email inbox, and the Virtru plugin will complete the activation

If your activation does not automatically complete in a few minutes, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC).

Activating from the Virtru Menu

If you have disabled automatic activations, you can still activate Virtru on your account(s) at any time.

1. Select the ‘Virtru‘ menu tab from the top bar of the main Microsoft Outlook window

2. Choose “Authorize Accounts” or “Options“

3. If you select “Options,” go to the ‘Account Activation‘ menu tab, select your FDU email account, and click on “Activate Selected“

4. You will then follow the activation process already illustrated above in “Activating Virtru through Office 365 Sign-on“ or “Activating Virtru through activation email” described above

Part : Re-enabling a Virtru Account

Re-enabling a Virtru Account

FDU Virtru users will occasionally be required to reactivate their Virtru add-in due to the following:

• You’ve cleared your registry
• Your Virtru activation status has expired. For security purposes, Virtru will invalidate your activation status every
  • 120 days for users accessing their own mailboxes
  • 10 days for users accessing shared or delegated mailboxes
• You are using Virtru on a new machine

You are automatically prompted when you need to re-activate. You can also proactively reactivate at any time via the ‘Virtru’ menu tab. This process was described above in “Activating from the Virtru Menu.”

Reset Activations

If you wish to fully deactivate all accounts in Microsoft Outlook, you can do so from the ‘Virtru’ menu tab:

1. Click on the ‘Virtru‘ menu tab at the top of your Microsoft Outlook window and select “Debug Log“

2. Click on the ‘Debug Commands‘ menu tab option and select the “Reset Activations (clears registry only)” option

3. Click “Yes” and then “OK” to confirm the changes

4. From the ‘Virtru‘ menu tab, you can reauthorize by clicking on “Authorize Accounts“

Part : Virtru Walkthrough Video

Virtru Walkthrough Video

Section – Virtru for Microsoft Outlook

Part : Send a Virtru-encrypted Email in Outlook

Send a Virtru-encrypted Email in Outlook

With Virtru, you can easily protect your emails by encrypting messages and attachments in a few simple clicks.

1. Left-click “New Email” from the main Outlook window

2. Open the ‘Message‘ menu tab and left-click the “Virtru button” to turn “Virtru ON.” The button should turn blue and read “Virtru ON”

3. Add recipients, a subject, the body of the email, and any relevant attachments

4. When your message is ready, click “Send.” You should see a brief animation letting you know that the message is “Encrypting” before it is fully sent

FDU Virtru-encrypted Email Introduction for Recipients

FDU includes a standardized introduction to inform the recipient that they are viewing a Virtru-encrypted email. Below is an example of what the recipient will see. If you have updated the introduction, it will be reflected accordingly

Personal Virtru-encrypted Email Introduction for Recipients

You can also set a one-time, unencrypted personal introduction for the message to either clarify the introduction of Virtru to the recipient or provide some context about the email. Left-click the “Personal Introduction” menu button in your email draft window.

Section – Virtru for Microsoft Office 365

Part : Send a Virtru-encrypted Email on Microsoft Office 365

Send a Virtru-encrypted Email on Microsoft Office 365

With Virtru, you can easily protect your emails by encrypting messages and attachments in a few simple clicks. To send Virtru encrypted emails from your Microsoft Office 365 email acount, simply prepend the subject line of your email as follows:

#secure#

Virtru-encrypted Email Recipient Experience

The recipient will receive an email that looks like this:

Part : Read a Virtru Encrypted Email on Microsoft Office 365

Read a Virtru Encrypted Email on Microsoft Office 365

In this article, we’ll show you how to quickly access and read your Virtru-secured message or attachment within Microsoft Office 365 using Virtru’s Secure Reader.

How to Access and Read your Message

1. Login to FDU’s Microsoft Office 365 web portal using any web browser. Enter your FDU NetID credentials

2. Open the Virtru-secured email in your inbox and left-click “Unlock Message.” A new tab will open

3. When prompted, select your FDU email address

4. Choose how you’d like to verify your identity
   • Microsoft Office 365 users can use their FDU NetID credentials to log into the Secure Reader using “Sign In with Microsoft.” If you choose this route, you can skip step #5 below.
   • Alternatively, users may choose “Or sign-in with a one-time verification link.”

5. If you selected “Or sign-in with a one-time verification link,” check your inbox for your verification email. It will come from verify+xxxxxxxx@virtru.com (with each “x” being a digit). Open the verification email and left-click “View Message” to open your message

6. Your message will open the Virtru Secure Reader in a new tab in the browser. You will also be able to view and access attachments at this time

For a variety of reasons, some recipients may occasionally receive an error message when trying to open a secure email or attachment. If you are having problems accessing your secure email and/or files, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) for assistance.

Part : Reply to a Virtru Encrypted Email on Microsoft Office 365

Reply to a Virtru Encrypted Email on Microsoft Office 365

In this article, we’ll show you how to quickly reply to your Virtru-secured message or attachment within Microsoft Office 365 using Virtru’s Secure Reader.

How to Reply to a Secure Message

1. Login to FDU’s Microsoft Office 365 web portal using any web browser. Enter your FDU NetID credentials

2. After successfully opening the Virtru-secured message, to send a “Secure Reply,” scroll down the page below the main message, or click the icon in the top right with the arrow pointing to the left. You may also click on the arrow next to it to reveal additional options such as “Secure Reply All“

3. Attachments can be added by clicking “Add Attachment.” These attachments will be sent securely as well

4. When you are ready to send your email, hit the “Secure Send” button. Both you and all applicable recipients will receive a copy of your reply. Please note that your secure reply will be sent from secure-reply@virtru.com

Part : Viewing a Secure File or Attachment on Microsoft Office 365

Viewing a Secure File or Attachment on Microsoft Office 365

This article covers the different options you have for viewing and downloading secure attachments and files within Microsoft Office 365 using Virtru’s Secure Reader. Depending on the type of attachment you’ve received, you can view your file directly in the Virtru Secure Reader or download the file to your computer. The Virtru Secure Reader can preview various file types, including PDF, Word documents, most image files, and plain text files.

Viewing Directly in the Secure Reader

1. Login to FDU’s Microsoft Office 365 web portal using any web browser. Enter your FDU NetID credentials

2. If you’ve received an attachment in a Virtru secured email or an encrypted file that was shared directly with you, you can hover over the file name and choose “View” or “View Protected file” to view the attachment right in your web browser

Downloading Unsupported File Types

If you’ve received a file that cannot be previewed in the Virtru Secure Reader, you will be prompted to download that file directly. There will be no “View” option.

Printing Attachments in the Secure Reader

You can print a document from the Secure Reader by selecting the menu under the “Download “button and then selecting “Print.” You may also choose to download it first, then open and print via a preferred program on your computer.

Section – Additional Resources

Part : Using the Virtru Dashboard for Microsoft Office 365 Users

Using the Virtru Dashboard for Microsoft Office 365 Users

Users who access their FDU email through the Microsoft Office 365 web portal and all Apple macOS users will need to use the Virtru Dashboard to manage all of Virtru’s security options.

1. To use the Virtru Dashboard, click the link below:

2. Choose “Sign in with Office365“, and skip to Step 5. If you choose to request a one-time verification link, enter your FDU email address and click on “Submit“

3. If you request the one-time verification link, you will receive an email from Verify for Virtru, as shown below. If you are using different web browsers, such as Google Chrome or Mozilla Firefox, it will be reflected in the email message accordingly

4. Click “Verify me” and choose “Copy Link Location.” Open a new browser tab and paste the link location into the URL space. Hit the “Enter” or “Return” key on your keyboard

5. When you log in to the Virtru Dashboard for the first time, you will see the message below. Left-click “OK, GOT IT!“

6. You will now be able to view Virtru encrypted emails or files you have sent, as well as open the ‘Settings‘ menu tab to set behaviors for your Virtru account

Part : Manage Virtru’s Expiration Date Security Option in Outlook

Manage Virtru’s Expiration Date Security Option in Outlook

In addition to encrypting messages and files, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply an “Expiration Date” to an encrypted email or file.

Typically, if a Virtru email recipient receives an encrypted message or file, they can indefinitely access that content. However, as the owner of that content, you can restrict access after a particular point in time. If a recipient tries to access the content after expiration, they will receive a prompt indicating their access is expired.

Part : Manage Virtru’s Expiration Date Security Option in the Virtual Dashboard

Manage Virtru’s Expiration Date Security Option in the Virtru Dashboard

In addition to encrypting messages and files, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply an “Expiration Date” to an encrypted email or file.

Typically, if a Virtru email recipient receives an encrypted message or file, they can indefinitely access that content. However, as the owner of that content, you can restrict access after a particular point in time. If a recipient tries to access the content after expiration, they will receive a prompt indicating their access is expired.

Part : Manage Virtru’s Disable Forwarding Security Option in Outlook

Manage Virtru’s Disable Forwarding Security Option in Outlook

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Disable Forwarding” to a Virtru-encrypted email.

Typically, if a Virtru plugin for Microsoft Outlook user receives an encrypted message, they can use Virtru to forward the email to a new party. This will add the new recipient as an authorized user and allow them to unlock the message. “Disable Forwarding,” however, ensures that your recipients can access the encrypted content but will stop any additional users from gaining access to the message. If the original recipient passes the email to a new party, then the new user will not be added as an authorized user and will not be able to unlock the message.

Part : Manage Virtru’s Disable Forwarding Security Option in the Virtru Dashboard

Manage Virtru’s Disable Forwarding Security Option in the Virtru Dashboard

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Disable Forwarding” to an encrypted email.

Part : Manage Virtru’s Watermarking Security Option in Outlook

Manage Virtru’s Watermarking Security Option in Outlook

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Watermarking” to an encrypted file.

Typically, if a Virtru recipient receives an encrypted file, they can preview the file in the Virtru Secure Reader and download a decrypted copy locally. When “Watermarking” is applied to a secure file, recipients will only have access in the Secure Reader and will see their email address watermarked across the document.

The addition of the watermark is visible but transparent enough not to obscure the contents of the file when viewed. A recipient will not be able to download a local decrypted copy of the file.

This feature can be applied using the Virtru plugin for Microsoft Outlook or the Virtru Dashboard. It supports the following common file types:

• Microsoft Office documents: .docx, .pptx, .xlsx
• Common image file formats: .jpeg, .png
• PDF documents

Part : Manage Virtru’s Watermarking Security Option in the Virtru Dashboard

Mange Virtru’s Watermarking Security Option in the Virtru Dashboard

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Watermarking” to an encrypted file.

Typically, if a Virtru recipient receives an encrypted file, they can preview the file in the Virtru Secure Reader and download a decrypted copy locally. When “Watermarking” is applied to a secure file, recipients will only have access in the Secure Reader and will see their email address watermarked across the document.

The addition of the watermark is visible but transparent enough not to obscure the contents of the file when viewed. A recipient will not be able to download a local decrypted copy of the file.

This feature can be applied using the Virtru plugin for Microsoft Outlook or the Virtru Dashboard. It supports the following common file types:

• Microsoft Office documents: .docx, .pptx, .xlsx
• Common image file formats: .jpeg, .png
• PDF documents

Part : Revoke Virtru Encrypted Content in Outlook

Revoke Virtru Encrypted Content in Outlook

When a Virtru user sends encrypted content, they have full control over access to the message(s) and/or file(s). Even if a recipient receives encrypted content, the sender has the ability to revoke (or reauthorize) access at any time. Virtru even allows the sender to revoke access to specific recipients.

Part : Revoke Virtru Encrypted Content in the Virtru Dashboard

Revoke Virtru Encrypted Content in the Virtru Dashboard

When a Virtru user sends encrypted content, they have full control over access to the message(s) and/or file(s). Even if a recipient receives encrypted content, the sender has the ability to revoke (or reauthorize) access at any time. Virtru even allows the sender to revoke access to specific recipients.

Part : Using Virtru’s Persistent File Protection (PFP) Security Option

Using Virtru’s Persistent File Protection (PFP) Security Option

In addition to encrypting messages and attachments, Virtru users have the ability to apply additional security settings to protected content. Among these settings is the option to apply “Persistent File Protection (PFP)” to an encrypted file.

PFP provides a secure file container that is portable, universally accessible, and built on top of open standards. Regardless of where files are stored, PFP allows you to select, protect, and share a file with anyone while maintaining full visibility into how it is being used and retaining the ability to revoke access at any time. Any file protected with PFP will convert into the .tdf.html file format. This ensures that the contents are only accessible in Virtru’s Secure Reader, and only authorized parties can view it.

This feature can be applied using the Virtru plugin for Microsoft Outlook on Windows Operating Systems only. It supports the following common file types:

• Microsoft Office documents: .docx, .pptx, .xlsx
• Common image file formats: .jpeg, .png
• PDF documents

Legacy Authentication is a term Microsoft sometimes uses to describe basic authentication when used with its cloud-based services. This is in contrast with the term “modern authentication” which provides more security and capabilities.

Legacy Authentication Topics

Legacy (or basic) authentication is characterized by:

• A client or network protocol that is incapable or not configured to do modern authentication
  
• A client which sends both the username and password to the application
  
• An application using the username and password to get a logon token on behalf of the user

Modern authentication is characterized by:

• a client and service capable and configured to use OpenID Connect, SAML, and/or OAuth 2.0 for authentication AND
  
• a client and service which can accept redirects to the identity provider for all authentication interactions and can work with authentication tokens of the protocols above

All Microsoft cloud services are modern authentication capable.

Whether legacy or modern authentication is used is dependent on the client capabilities. To use modern authentication, you can, in many cases, update your client application or change to an alternative client application.

A list of known clients using legacy authentication is available. Transitioning from legacy authentication usually requires the individual user to change the client software they are using, which may require assistance from the Fairleigh Dickinson University Technical Assistance Center (UTAC).

Protection with two-factor authentication (2FA)

Legacy authentication can not be protected by 2FA. Because the password is known to the application accessed via legacy authentication, it is less secure than modern authentication. If legacy authentication is not blocked for your account, 3rd party applications can ask for your credentials and have your password without you being aware they do.

Transition from legacy authentication

For the typical user, the complexity of determining whether you are using legacy authentication is significant. If you are using one of the client applications that does not use modern authentication protocols (see section below for a list of known clients using legacy authentication), you should replace them. If you don’t have one of these client applications but still suspect you have legacy authentication, contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) for assistance.

In most cases, users will need to do one or more of the following:

• Update their application to a version that supports modern authentication protocols
  
• Upgrade to the latest version of their phone operating system
  
• Remove and re-add their FDU account in the configuration of their iOS or macOS application so it will use modern authentication protocols

All three of these actions are informed by the list of known insecure client apps. FDU IT doesn’t know your devices like you do, nor do we manage which client applications you use, so only you can identify where action needs to be taken.

If you don’t seem to have one of the insecure client applications but still suspect you have legacy authentication, For the typical user, the complexity of determining whether you are using legacy authentication is significant. If you are using one of the client applications that does not use modern authentication protocols (see section below for a list of known clients using legacy authentication), you should replace them. If you don’t have one of these client applications but still suspect you have legacy authentication, contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) for assistance.

1. Open “Settings“
   
2. Choose “Calendar” or “Mail“
   
3. Choose “Accounts“
   
4. Choose “Exchange” or “Google” – make sure you are choosing an account in the format fdunetid@fdu.edu

5. Choose “Delete account“

6. Confirm the deletion by choosing “Delete from my iPhone“

1. Open the “Gmail App“

2. Tap the Account icon in the top right to view all existing accounts

3. Tap “Manage Accounts on this device“

4. Select your @fdu.edu mail account from the list

5. Tap “Remove account“

To add your FDU Email account to an iOS device’s native “Mail” app follow the instructions on the link below:

This list is not intended to be comprehensive; it is only a list of known client applications. If you have one which should be added, please let us know.

Client App	FDU IT Recommendation	Notes
Outlook 2010 or earlier	Replace with one of the supported email clients
Outlook 2013 without special settings enabled	Replace with one of the supported email clients	Alternate resolution (not supported by FDU-IT): Enable Modern authentication for Office 2013 on Windows devices – Microsoft 365 admin | Microsoft Docs
Mail or Calendar on iOS11 or newer	Replace with one of the supported email clients	Alternate resolution (not supported by FDU-IT): Remove FDU account on device, then re-add FDU account. These apps now support modern authentication, but that support was only recently added and any account setup previously is “stuck” in legacy authentication. You’ll need to delete the account and set it back up fresh to get modern authentication. Apple plans to release an update which automatically fixes this.
Mail or Calendar on iOS 10 or lower	Replace with one of the supported email clients	Alternate resolution: upgrade to iOS 11 or newer, then follow resolutions for that scenario
Any client application on iPhone 5 and lower	Use OWA or replace this device
Any client application on iPad 4th generation and lower	Use OWA or replace this device
Eudora	Replace with one of the supported email clients
Pine	Replace with one of the supported email clients
Thunderbird	Replace with one of the supported email clients
Mac Mail on Mac OS 10.13 or earlier	Replace with one of the supported email clients	Alternate resolution (not supported by FDU-IT): Upgrade macOS, remove FDU account on device, then re-add FDU account
Any client application on Chromebooks	Use OWA or replace this device
Sharepoint Designer 2013	Retire the use of this discontinued tool.	Contact FDU IT for more information

You may see an email in your FDU inbox like this:

While the email message says it was sent by your IT department, it was not. This email message wasn’t actually sent–it only exists on your mobile device and was created to alert you to the fact that your client application can’t sign into your account. Your email access has not been blocked–it is only that this client application is broken. You can verify for yourself that your email access was not blocked by going to Outlook on the Web. And the reason the client application is broken is because it can only do legacy authentication OR it only has cached credentials which are based on legacy authentication.

There are several ways to determine if you’re using Basic authentication or Modern authentication. If you’re using Basic authentication, you can determine where it’s coming from and what to do about it.

Authentication dialog

A simple way to tell if a client app (for example, Outlook) is using Basic authentication or Modern authentication is to observe the dialog that’s presented when the user logs in.

Modern authentication displays a web-based login page:

Basic authentication presents a dialog credential modal box:

On a mobile device, you’ll see a similar web-based page when you authenticate if the device is trying to connect using Modern authentication.

You can also check the connection status dialog box, by “CTRL + right-clicking” the Outlook icon in the system tray, and choosing Connection Status.

When using Basic authentication, the “Authn” column in the “Outlook Connection Status” dialog shows the value of “Clear“.

Once you switch to Modern authentication, the “Authn” column in the Outlook Connection Status dialog shows the value of “Bearer“.

Spam Quarantined Email

Microsoft 365 email has filters to protect users from spam and malicious emails like phishing scams.

Messages caught by the filters are placed in quarantine for Fairleigh Dickinson University and its users’ protection. Users will receive a Spam Notification message once a day, notifying them of any messages placed in quarantine. Any legitimate mail caught by mistake can be released directly from this message or from the quarantine portal.

Handling Quarantined Email

Legitimate messages placed in quarantine may be released into your inbox in one of two ways:

1. From the daily spam notification email message

If you receive mail that has been placed in quarantine, you’ll receive an email message from quarantine@messaging.microsoft.com. The message will look like the one below:

The following options will be available to you by clicking the respective links in the email notification or you can choose to do nothing.

• Review Message – go to the Microsoft 365 Security & Compliance Center to review it
• Release – the message is removed from quarantine and placed in your inbox
• Block Sender – add the sender to the Blocked Senders list in your mailbox

2. From the Microsoft 365 Security & Compliance Center

Quarantined email can also be handled in the Microsoft 365 Security & Compliance Center.

1. Go to Microsoft 365 Security & Compliance Center >
   
   • A list of your emails in quarantine will be displayed
     
2. Click on any message to select it, then choose from the options given:
   
   • Release message
   • Preview message
   • View message header
   • Block Sender

For more details, use this link: