The University of New Mexico has identified that there was an intrusion into the IT environment at the UNM School of Law on June 27. School of Law email and file-sharing services were affected. Based on current findings we believe the issue is isolated to the School of Law and isn’t linked to other systems at UNM. 

School of Law Students, Faculty and Staff should use their @unm email account until further notice and access email at lobomail.unm.edu. 

If you need assistance accessing your @unm email account, please contact the UNM IT Service Desk at 277-5757.

A support email lawhelpdesk@unm.edu has been set up for those in need of any additional Law School IT support services.

The School of Law’s IT department and UNM’s central IT team are working together to restore services. 

To improve user experience, availability and lay the groundwork for true SSO, we will finalize the staged migration to Azure AD beginning Tuesday, August 4th at 8:00 AM.

No outage or negative impact is expected but there will be changes to the Lobomail/O365 login flow and login page appearance for users who were not already migrated. Additional information is available in FastInfo 7442.

Users accessing Lobomail via lobomail.unm.edu, mylobomail.unm.edu or webmail.unm.edu are currently directed to the Azure AD login page:

Example: https://unmm-my.sharepoint.com/:i:/g/personal/nssabol_unm_edu/EcsWQoNOZYVNlLFNaHRZChkBnAnUdfnq1Om9FFXwyCdtuQ?e=Lsg8nu

Once you are migrated to Azure AD, after entering your email address, you will be prompted for your password by the new Azure AD login page:

Example: https://unmm-my.sharepoint.com/:i:/g/personal/nssabol_unm_edu/Ee2Zulv9FHZPtIuYs57UCjsBU5F0R_4bQvXZ4bo-8cA25g?e=ucBX5V

If you are not migrated to Azure AD yet, you will be redirected to the legacy Lobomail login page (AD FS).

Example: https://unmm-my.sharepoint.com/:i:/g/personal/nssabol_unm_edu/Ec9VX4POa0JBl274JS9XZrABbUTT5L5SIL65wR99lbmITw?e=kXEhIf

Once this migration is completed, all users will experience the former and be authenticated entirely by Azure AD. To reduce the number of times you must login per day, you can select "Yes" on the "Stay signed in" screen.

We will be migrating all remaining users starting 8/4. We will migrate ~3500 users per day for 5 days, finishing around 8/9. No negative outage or impact is expected. Migrated users will use the new login screens and flow as described above. Some users may need to re-authenticate to Lobomail, Skype for Business, or other apps on their devices (Outlook mobile app, other mobile apps, Mail for macOS, etc.).

If issues are encountered, affected users should either contact the UNM IT Service Desk for assistance or opt out of modern authentication using https://goto.unm.edu/modern-auth.

As previously announced via blog and MC175274 (March, 2019), Office 2010 and 2013 clients' connections to Office 365 services will not be supported after October 13, 2020.

After this date, ongoing investments in the Office 365 cloud services – including Exchange Online, SharePoint Online, and OneDrive for Business – will proceed based on post-Office 2013 requirements. We recommend that area units with Office 2010 or 2013 clients consider migrating to Office 2019 or 365 ProPlus as soon as possible (prior to October 13th).

Up to date information on current Office system requirements can be found under on the Office system requirements page, with related timelines available in the Office system requirements matrix.

Microsoft and UNM IT will not take any active measures to block older Office clients, such as Office 2013 and Office 2010, from connecting to Office 365 services.

However, legacy clients attempting to connect to a modern, always up- to- date cloud service may experience performance and reliability issues. Are units will face an increased security risk, and may find themselves out of compliance depending on specific regional or industry requirements. Microsoft and UNM IT Help may not be able to resolve issues that arise due to unsupported service connections.

To ensure the health and safety of the UNM community, departments are required to develop a Return to Operations Plan and submit a formal request prior to reopening facilities and returning to campus. On Monday, 6/22/2020, the Facility Re-Open Request application was made available for facility managers, investigators, and department designees to submit these requests.

For information about the review and approval process, and access to the application, please visit: https://fm.unm.edu/reopen-request/reopen.html.

Consistent with the State of New Mexico’s COVID-Safe Practices for New Mexico employers, all UNM faculty, staff, and students are required to complete a daily symptom screening prior to coming to campus. UNM HR and IT have worked on and will make available the "UNM Daily Symptom Screening" online form on Monday, June 8, 2020.

Each day, as an employee and/or resident student, you will receive an email from covidscreen@unm.edu asking if you are planning on coming to campus that day with a YES/NO answer which will take you to the UNM Daily Symptom Screening online application at lobocheckin.unm.edu.

By not completing the online form you are acknowledging that you are not scheduled to work that day and will not be on campus that day.

If you are a faculty, staff or student at the UNM Health Sciences Center and are already completing the HSC daily survey, you do not need to complete this UNM survey.

If you have questions about this process, please contact clientsv@unm.edu. If you have questions about the authenticity of this email, please contact UNM IT at (505) 277-5757.

The UNM IT Customer Support Service Desk and the UNM Information Security & Privacy Office (ISPO) have received many reports of fraudulent/phishing emails sent to UNM community members.

Extortion Emails

There does not appear to be any evidence of automatic downloads, malware, or other malicious software associated with the email samples provided.  Any credentials (usernames, passwords, etc.) associated with these emails appear to have been the result of high-profile data breaches of parties external to UNM.

For more information regarding extortion email schemes please reference the following PSA from the Federal Bureau of Investigation (FBI):

https://www.ic3.gov/media/2018/180807.aspx

Impersonation Emails

All email accounts associated with the impersonation attempts have been hosted by third-parties external to UNM.  As with the extortion emails referenced above, there does not appear to be any indication of compromised UNM accounts associated with these types phishing/spoofing campaigns.  Additionally, there is no evidence automatic downloads, malware, or other malicious software associated with the email samples provided.

For more information regarding extortion email schemes please reference the following PSA from the Federal Trade Commission (FTC):

https://www.consumer.gov/articles/imposter-scams

What you can do

UNM community members are encouraged to report suspicious activity to the University Information Security & Privacy Office at the address security@unm.edu.  Where possible, ISPO staff encourage users to submit samples ‘as an attachment’ so the full message headers can be analyzed.  For information on providing an email as an attachment please visit the following:

https://ispo.unm.edu/frequently-asked-questions.html

Spam:

These messages typically have one or more of the following attributes/characteristics:

• The messages are unsolicited and are sent from unfamiliar addresses
• Contain ‘[SPAM?? #%]’ in the subject line
• Contain advertising in the message body

What you should do:  Forward the Spam sample (as an attachment) to spamdrop@unm.edu

Phishing:

These messages typically have one or more of the following attributes/characteristics:

• The messages are unsolicited and are sent from unfamiliar addresses
• The message body encourages you to take any action such as responding to the original message or clicking a link, or contains otherwise suspicious text

What you should do:  Forward the Phishing sample (as an attachment) to security@unm.edu

To stay updated with the latest phishing attempts and major security alerts visit the ISPO’s Phish Bowl and Advisories page:

https://ispo.unm.edu/phish-bowl/index.html

https://ispo.unm.edu/advisories/index.html

For more information regarding phishing/spoofing email schemes please reference the following PSA from the Federal Bureau of Investigation (FBI):

https://www.ic3.gov/crimeschemes.aspx#item-14

If you feel you have been the victim of a crime please file a report with UNM PD or visit https://police.unm.edu.

In the last several weeks, numerous customer NetIDs and passwords were compromised through successful phishing attacks. These attacks have become more sophisticated, and now include using UNM’s SharePoint online services to distribute malicious/ phishing content.  UNM IT is investigating and working to mitigate the attacks.

DNS, DHCP, and IP Address Management (DDI) is a key infrastructure service to UNM. To maintain this key infrastructure, the week starting August 28th, 2020, UNM - IT will begin an early morning phased hardware refresh of each appliance associated with the UNM Infoblox DDI Grid. Each morning a single component such as Internal Primary DNS/DHCP, secondary, External DNS, or Grid Master will be replaced.

No outage is expected during this time. During the hardware replacement, there is either an Active/Standby or Primary/Secondary physical hardware appliance providing DDI services of the other. There may be a slight delay as your client times out from the primary to secondary. But DHCP address will still be given out, DNS will still resolve, and IPAM will still be available.

On Friday, August 7, 2020 from 6:30 PM MT until 11:30 PM MT, UNMJobs and the Cornerstone TMS will be unavailable due to vendor software updates. The actual outage may be less than scheduled, however, it is unknown when the vendor will apply the update during the maintenance window.