Category Archives: Services

OIT Help Desk – New Phone System – Wednesday, July 19

On Wednesday, July 19, 2017, the OIT Help Desk will be switching to a new phone system. When calling the Help Desk at 848-445-HELP (4357) you will hear a new automated voice and new menu options.
 
This new system will allow us to better serve the community with improved comprehensive menu options and enhanced capabilities such as scheduling a call back during periods of high call volume.
 
We welcome your feedback!  Please call in at 848-445-HELP (4357) or email help@oit.rutgers.edu with any questions, comments, or concerns.

Rutgers Connect Features: Mentions, Templates, & Forms

Built on the feature-rich Office 365 platform, Rutgers Connect offers a wide variety of tools to increase productivity and streamline user experience. This article will discuss three of these tools – Mentions, Templates, and Forms – and detail the ways in which they can assist with day-to-day tasks.


Mentions

With a constant influx of email from colleagues, departmental mailing lists, University newsletters, automated notifications, and more, it’s easy for a message to go unnoticed for some time as its recipient reads through his or her inbox. Often this is perfectly fine; not everything needs to be attended to immediately. Other times, however, this is not the case, and an individual needs to be made aware of something as soon as possible. Office 365 provides a handy tool to ensure that happens: Mentions.

When composing an email, users can highlight the message for a specific individual. This marks it in the recipient’s inbox on OWA (Outlook Web App, located at connect.rutgers.edu) with a colorful, eye-catching @ symbol and lets him or her know that it requires prompt attention. An example of what such a message would look like is shown below.

Image of three emails, one of which contains a Mention, showing the visual contrast between messages without Mentions and messages including Mentions; the latter is marked with an @ symbol on the right-hand side.

Although emails containing Mentions are not marked with an @ symbol in the desktop application for certain operating systems, such as Windows 7, they still stand out in another way: they can be filtered for in the Mentioned user’s inbox. This also works in OWA. The images below demonstrate this filtering in the desktop client and OWA.

The screenshot of Outlook 2016 shows how an email containing a Mention is sorted into its own filtered folder titled "Mentions", but not marked with an @ symbol. "All" and "Unread" are also displayed as filtered folders, and there are options to search and sort messages within the folder.Screenshot of OWA demonstrating an email with a Mention sorted into its own filtered folder and marked with an @ symbol. The applied filter, titled "Mentions", is displayed in the top right corner.

To use Mentions, the sender must include the recipient’s name in the format “@FirstName LastName” (without quotation marks) and then choose the appropriate person from the drop-down list of University affiliates with that name. It is important to note that Mentions are only available for use in OWA and Outlook 2016; older versions of Outlook do not support this feature.

For more information, please see Microsoft’s article on Mentions.


Email Templates

Some types of emails may be sent very frequently; a department administrator might routinely request access to some service for each new employee every time one is onboarded, or a manager might regularly ask their direct reports for status updates on projects. It often seems that the same words are being rewritten every time, which can grow tiresome very quickly. But Office 365 provides a solution: email templates.

Users can create templates for the various types of emails they send frequently, and then use them as shortcuts in the future. Examples of the template interfaces in OWA and in Outlook 2016 are shown below; the icons which lead to them in each client are highlighted.

A screenshot of the email composition window in Outlook 2016. There is a selection of templates available for use on the right, one of which has been selected and used to compose the message. In the ribbon towards the top of the window, the "Office Add-ins" icon is surrounded by a blue rectangle to make it more noticeable. Screenshot of an email which was composed in OWA using an email template. A selection of templates and an option to add additional templates is displayed on the right, and the body of the message matches one of the template options with only slight edits (topic of the message and suggested date for completion). On the bottom right, the icon which opens the templates menu is surrounded by a square to make it more noticeable.


Forms

Microsoft Forms is a component of Office 365 which allows users to create, share, and respond to (as the name suggests) forms. It’s well-suited for a variety of purposes; a professor could give her students a quiz, a department hosting a luncheon could send out a form with menu options and a yes/no plus-one question, a group which presented at a conference could ask attendees for feedback, or administrators of some particular service could run customer satisfaction surveys.

Several types of questions are supported: multiple-choice, text/free-response, rating, and date. Form creators can place restrictions on responses, such as requiring a positive number as an answer to a free-response question, which ensures valid responses (for example, if asking how many party members a reservation is for, neither “0” nor “Smith” should be accepted). In the case of quizzes, multiple-choice questions can be auto-graded while other types of questions must wait for review by the form creator.

The designer menu for an example form is shown below.
 The interface for editing questions on a quiz in Microsoft Forms is displayed. One free-response question and two multiple-choice questions are displayed; the second multiple-choice question is being edited. All questions are marked as required and show the per-question point values. The multiple-choice questions indicate the correct answer with a check mark to the right of the answer. There is an option at the bottom to add additional questions. A tab at the top allows users to switch to viewing responses.

Creators have a variety of options to choose from when sharing their forms. One method of sharing is “share to collaborate”, allowing others to edit the form and view responses; another is “share as a template”, allowing others to create their own version of the form and make changes to the design but not to examine submissions for this particular instance of the form. The most common way is “share to collect responses”, which grants no administrative privileges but allows users to see the form and submit responses. This type of sharing can be limited to individuals within Rutgers or open to anyone with a link to the form. (Technically, “share to collaborate” can also be made open to anyone with the link, but this is not recommended.)

Once the form is shared and responses are gathered, creators and collaborators can view them in summary as well as in detail. Below is an example of the first viewing option, which provides statistics about each question rather than individuals and their responses.

An example of the interface for viewing responses on Microsoft Forms is displayed. The screenshot shows the number of responses (5), the average score on the assessment (3/4), the status of the assignment (active), and statistical breakdowns of the responses for each question (both in a table and in a pie chart). There are options to review answers, post scores, and open the response data in Microsoft Excel. A tab at the top allows users to switch to viewing questions.

More detailed results are available in several forms. The full list of responses matched with the corresponding participants, submission times, and more is visible through the “Open in Excel” option. “Review answers” allows for viewing responses by participant rather than by question, and “Details” next to each question displays individual responses only for that question, as displayed below.

There is a table showing a breakdown of the five responses for this question. A column for names of participants is present, but the names have been partially obscured. There are also columns displaying the ID of the response, the content of each person's response, and an indicator of correctness or wrongness in the form of a green check mark or a red x.

The Forms portal is accessible from Rutgers Connect through the Office 365 App Launcher (the “waffle” in the top left corner) or directly at forms.office.com. Users interested in learning more may wish to visit the Microsoft website and read What is Microsoft Forms?, which explains how to get started using the various features of Forms.


Author: Rae Clarke

Stay tuned for upcoming articles discussing additional Office 365 features! If you have any questions, comments, or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.

Rutgers Connect Features: OneDrive for Business 

This article is an introduction to OneDrive for Business, a key component of the Office 365 suite of services which provides secure storage and backs a broad set of features such as Office Online.


The Technology behind OneDrive for Business

OneDrive for Business is a different product than the consumer-grade OneDrive. As it is built on top of the SharePoint Online technology, it benefits from the more advanced intranet-targeted features available in SharePoint.

Each file stored in OneDrive for Business is automatically under version control; whenever a user uploads a new version of the same file in the same location, the previous file is archived. Previous versions can be retrieved, and information about each version’s upload time and editor are available for review.

All files and folders stored in OneDrive for Business can be shared with any other University members using Rutgers Connect with various levels of permissions, including read-only, read/write, etc. Files and folders can also be shared with external users, such as students not using Office 365 or users completely external to the university, but these external shares must be read-only and the recipient will need to authenticate when accessing the shared data. Anonymous sharing is not permitted. If more extensive collaboration is required with users external to Rutgers Connect, responsible parties should consider creating guest accounts for the external collaborators.

OneDrive for Business is covered by the HIPAA Business Associate Agreement signed by Microsoft as well as all other legal frameworks covered in our software agreement. For more details about these legal frameworks, please see our previous articles on Security and Trust . Please note that while OneDrive for Business is HIPAA-compliant, users handling sensitive information should continue to use any dedicated systems already in place and approved for such use.

Each Rutgers Connect user is allocated 1 TB of OneDrive for Business storage space. This storage is subject to a number of limitations; for example, there are maximum file name lengths and certain characters and file type extensions are prohibited. Additional information regarding syncing restrictions can be found here.

Please note that at this time this 1 TB storage allocation cannot be expanded. If users need additional storage, they can contact their local IT support or the OIT Help Desk for alternate arrangements.

Ownership of OneDrive for Business storage segments is not limited to individuals. Office 365 Groups can also have a OneDrive for Business storage allocation, which defaults to 100 GB but can be extended as needed upon request. OneDrive for Business storage in Office 365 Groups behaves exactly like its equivalent user storage; it can be shared, edited, or accessed in the same ways. However, it is owned by the group rather than any one individual who might retire or change employment assignments or responsibilities.

Like all Rutgers Connect components, data stored in OneDrive for Business is doubly encrypted at rest, benefiting from both disk-level encryption and file-level encryption. For more information about the Office 365 encryption and security mechanisms, please see our article, Rutgers Connect Security and Trust Part One: The Office 365 Platform Security.


Using OneDrive for Business

OneDrive for Business can be accessed and used directly via the web interface of Rutgers Connect, which allows users to upload, delete, and update files or share OneDrive for Business stored information with other users. This is the recommended method of interaction for most users.

OneDrive for Business can also be made available directly on a user’s desktop or laptop like a network file system through the use of the OneDrive for Business synchronization client.  Files synced in this manner are also available for offline use and will automatically re-sync to the Office 365 cloud services when connectivity is available. These files remain subject to the limitations mentioned earlier. Additionally, if a large number of files are synchronized, a significant amount of local storage may be used to cache the cloud-hosted data.

When using the latest versions of Microsoft Office associated with Rutgers Connect, collaborative editing of documents is also supported. In both desktop and web versions of the supported Office tools, users can collaboratively work on the same documents, see the changes being made as they happen, and chat with other editors currently accessing the file they are working on.

All OneDrive for Business data can also be accessed through the OneDrive mobile application available to all users enrolled in the Mobile Device Management component of Rutgers Connect. Rutgers Connect users may access their own data as well as data shared to them by other users on their mobile device; additionally, they may edit and modify this data if the mobile version of the appropriate software has been installed on their devices. For example, users may use the mobile version of Excel to edit a shared spreadsheet from anywhere in the world. Office applications for mobile devices are available to all faculty and staff users of Rutgers Connect as part of their Office 365 license.


OneDrive for Business Usage Recommendations

While the advanced features and generous storage allocation of OneDrive for Business might be attractive for all types of use, some particular aspects of its implementation make it not ideal for some uses.

Due to its double encryption and version control, OneDrive for Business is not suitable for storing data which is accessed or modified by other applications. For example, do not use OneDrive for Business to store email files that you plan to access live in Outlook or research data that is going to be directly accessed by statistical software. You can certainly store this type of data in OneDrive for Business for the purpose of backups, transfers, or archiving, but if you plan to use it in other applications you should first download it to local or network storage.

While it may be tempting to backup whole desktops or servers to OneDrive for Business, this use is also strongly discouraged due to the performance implications of encryption and version control. Additionally, while the number of files that can be stored is very large, full system backups may exceed those limits.

It is also advisable to use Office 365 Groups OneDrive for Business storage allocations for files or data that are used by multiple users or are business critical. Individual storage allocation is bound to the license of individual users and may become unavailable as users leave the university or change employment roles, whereas the storage allocations of Office 365 Groups can remain under the management of individual units or departments indefinitely.


Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke

If you have any questions, comments, or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.


Update on Issues with WebReg and Other Services: Monday, June 5th, 2017, 2:30 P.M.

As of about 1:40 P.M. on Monday, June 5th, 2017, the Office of Information Technology has confirmed that the following services are available:
Schedule of Classes
OTB – Term Bill
Personal Info
Instant Verification
Issues with WebReg are still actively being worked on.  We apologize for the inconvenience.

Issues with WebReg, Schedule of Classes, and Other Services: Monday, June 5, 2017

As of the morning of Monday, June 5th, the following services are experiencing issues:
WebReg
Schedule of Classes
OTB – Term Bill
Personal Info
Instant Verification
The Office of Information Technology is working on a resolution as quickly as possible.  We apologize for the inconvenience.

RUWireless Guest Service

On Tuesday, May 23rd, Rutgers OIT is launching the RUWireless guest service.  This unauthenticated service will provide wireless access to University guests who do not have a NetID and password. Anyone currently using RUWireless Secure will be unaffected by this change.
 
The RUWireless guest service will be replacing the existing RUWireless network. 
Web applications that require Central Authentication Services (CAS) services are NOT accessible from the guest network.
 
Rutgers students, faculty, staff, or guests with a valid NetID should connect by selecting “I have a NetID” and their devices will go through a one-time configuration for RUWireless Secure.  
 
For additional information about these service changes, see the RUWireless page at:

Rutgers Connect Security and Trust Part Three: Mobile Device Management 

This is the third in a series of articles covering data security and privacy in Rutgers Connect, addressing both the standards and capabilities of the Office 365 platform and the Rutgers-specific customizations and policies related to these topics.

The first entry in the series, Rutgers Connect Security and Trust Part One: The Office 365 Platform Security, introduced users to security and data resiliency features native to the Office 365 platform.

It was followed by Rutgers Connect Security and Trust Part Two: Rutgers-Specific Implementation and Policies, which covered the customizations made and policies enacted to protect users’ privacy in Rutgers Connect.

In this third and final article, we will discuss Mobile Device Management.


Reasons to Use MDM

Mobile Device Management is a suite of software and policies designed to ensure that end-user and University data stored on mobile devices is secured from unauthorized access. Modern mobile devices are far more advanced than old-style mobile telephones; they are full-powered computers that go with us everywhere. Unfortunately, these devices are often unsecured from casual access by unauthorized parties, and they are easily lost or stolen. MDM enrollment helps reduce the security risk these factors pose.

While MDM enrollment is not mandatory, users who chose to not enroll their devices in the Rutgers Connect MDM system may only access Rutgers Connect services via the mobile web interface. For many, this is sufficient. However, users desiring more advanced integration, including the ability to edit and share Office files, full calendar integration, device caching of email and other data, access to OneDrive-hosted files, etc. must enroll their devices.


MDM Requirements & Capabilities

There is a considerable amount of confusion and misinformation about what Rutgers can and cannot do to a enrolled mobile device. While other products offered by Microsoft may be able to enforce more advanced policies and controls (as reflected by warnings presented during the enrollment process), the version purchased by and available to Rutgers University cannot track users’ movements or access any data on the device, including any data about usage, installed software, personal data, photographs, etc. The MDM product’s capabilities are limited to enforcing certain basic security settings and providing remote wipes of the device when requested by the user.

As configured and supported by the University, the only requirements most users will have to comply with for MDM enrollment are securing the phone with a simple lock screen PIN and accepting the remote wipe access. Users who are subject to HIPAA regulations must also ensure that all data on the device is encrypted and use a more complicated PIN. In all cases, more modern devices which support fingerprint authentication can use that method as a substitute for the PIN when unlocking the device, but the PIN will still be required at device startups and reboots.

Rutgers University will never initiate a remote device wipe without the express permission and request of the device owner. This option is available to the owner of a device, the delegated Connect administrators for their department, and select OIT Connect administrators. The use of this feature is limited to cases where a device has been lost or stolen and the device owner requests that all data on the device be wiped to secure it from any chance of unauthorized access.

More information about MDM and configuration of mobile devices can be found here.


Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke

This concludes our three-part series of articles on Security and Trust in Rutgers Connect, but stay tuned for other topics to be covered in future articles.

If you have any questions, comments or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.


As described in this series, Office 365 and the Rutgers Connect implementation are designed with security as a top priority, offering a wide array of rigorous protective features at multiple levels which provide users with a great deal of privacy and safety. However, as with every existing platform, NPPI (Non-Public Personal Information, such as Social Security numbers) should still not be transmitted via email.

Rutgers Connect Security and Trust Part Two: Rutgers-Specific Implementation and Policies

This is the second in a series of articles covering data security and privacy in Rutgers Connect, addressing both the standards and capabilities of the Office 365 platform and the Rutgers-specific customizations and policies related to these topics.

The first entry in the series, Rutgers Connect Security and Trust Part One: The Office 365 Platform Security, introduced users to security and data resiliency features native to the Office 365 platform.

In this article, we focus on Rutgers-specific security considerations as well as additional protective features included in the Rutgers Connect implementation of Office 365.


HIPAA Compliance

While Microsoft Office 365 is a HIPAA-compliant product and Microsoft has signed a Business Associate Agreement (BAA) with the University, Rutgers Connect is currently undergoing a rigorous in-house analysis to evaluate and document all aspects of the product, both as offered by Microsoft and as configured by the University, with regard to HIPAA compliance. When this effort is complete, the University should be able to provide better guidance about which specific HIPAA data types, communications, and activities can be used, stored, and conducted via Rutgers Connect. In the meantime, please contact the Office of Enterprise Risk Management, Ethics, and Compliance if you have any questions.

Along with the provisions set forth in the University’s BAA with Microsoft for Office 365 and the security features built into the platform, Rutgers Connect automatically enforces a number of additional security features for University members who are part of units designated as HIPAA-covered entities.

Email originating from users belonging to such units and addressed to external users is automatically routed through a product named Zix. Zix scans outgoing messages for HIPAA-covered data, such as private patient information, and ensures that the message is delivered securely to the recipient by ensuring end-to-end encryption of the communication channel via a number of different technologies.

The end user needs to ensure that any communications involving HIPAA data are sent only to those parties who have the correct authorization to handle the data they receive. Proper training for all users handling and communicating HIPAA data is essential.

Current, already-existing procedures which cover the handling of HIPAA and NPPI data (like using a patient portal for doctors to securely communicate with patients) should NOT be changed simply because Rutgers Connect is now available. All standard procedures for handling HIPAA data and communications should continue unchanged. Proposals for new procedures or changes to existing procedures involving HIPAA data should be submitted for evaluation and authorization to the appropriate organizations tasked with those responsibilities.

More information about Office 365 and HIPAA is available from Microsoft. Interested users may wish to visit the Office 365 & Microsoft Dynamics CRM Online HIPAA/HITECH frequently asked questions page on the Microsoft website.


Additional Implemented Security and Privacy Features

After consulting with IPS (Information Protection and Security) and ERM (the Office of Enterprise Risk Management, Ethics, and Compliance), OIT has made a number of security-related choices when configuring Rutgers Connect which protect users from intentional or accidental exposure of private or internal data.

Anonymous external sharing of all data is restricted. While users may certainly share Calendars, OneDrive stored files, etc with colleagues external to Rutgers Connect and the University at large, the sharing cannot be anonymous. The intended recipient of the share must create their own set of unique login credentials when they receive the first share notification and use these credentials whenever accessing the shared data. Calendars may be externally shared anonymously, but with limitations on what information is exposed; recipients can view the times and names of events, but no event details, notes, or attachments will be visible.

At this time, users cannot access the plugin store or grant third-party applications permission to interact directly with the data stored in their accounts. Third-party applications may request access to your mailbox, OneDrive data, and more; to avoid accidental or malicious exposure of your data, user authorization of such third-party application access is not enabled. That does not mean we cannot integrate Rutgers Connect with third-party services – in fact, we have already done so for a number of Rutgers-supported services such as Blackboard – but such configurations and associations must be made by OIT systems administrators after appropriate review.

To protect users from both accidental deletions of email or files and malicious data removal in the case of an account breach, OIT has configured Rutgers Connect to retain and potentially recover data for 30 to 60 days after deletion. The length of time for which an item is retained varies. Newly-created or received items can be recovered for up to 60 days from the day of creation or receipt regardless of when they were deleted, while older items can be recovered for 30 days after deletion. This is not an effortless operation; users should always be careful to preserve data they still need and only delete unnecessary items.

Access to Rutgers Connect services via mobile devices is limited to only web access unless the device is enrolled in the Rutgers Connect Mobile Device Management system. Mobile Device Management (MDM) will be covered in more depth in the third article in this series.

Additional security features such as two-factor authentication, data loss protection algorithms and policies, and Advanced Threat Protection are being currently evaluated and will be deployed when appropriate.


Delegated Administration

Rutgers Connect is centrally configured, managed and supported by OIT, primarily by the Enterprise Messaging group and the OIT Help Desk. When picking the product, a fundamental feature the selection committee considered was the ability to delegate certain administrative tasks and functions to local and departmental IT support structures.

Whenever possible, OIT delegates control over departmental domain management, resource creation and maintenance, various user support functions, etc. to the IT staff directly supporting various academic and administrative units. This delegation leverages the Role-Based Access Control capabilities of Office 365 to ensure that no departmental IT staff has access to the resources and data owned by other departments. Additionally, tools and APIs are in place to ensure that all business practices are enforced across all departments and IT staff.

Delegated administrators are bound to the same requirements and rules regarding user information and privacy as the central OIT staff managing Rutgers Connect. These rules are formulated and maintained by the University, including the Office of General Counsel and other parties.


Rutgers Access to User Data

User privacy is of utmost importance, and OIT is cognizant of the trust placed in our hands. To ensure that this privacy is always respected, OIT has implemented the following guidelines and tools.

  1. No OIT staff member or delegated departmental administrator will access user data without first obtaining the explicit permission of the user except under a very narrow set of cases such as:
    1. Performing a legal eDiscovery or OPRA search at the written request of the Office of General Counsel. In these cases, OIT staff do not access the data directly, but retrieve it for use by OGC without examining it.
    2. Combating or investigating an active and emergent security threat where we believe an account is being used maliciously or by unauthorized actors.
  2. In the unusual case that an OIT staff member needs access to a user’s account in the course of providing support or performing maintenance functions, OIT staff will first obtain permission from the user to access the data, either directly from the user or via local support acting as intermediaries for the user. Such access will always be limited to the minimum required to solve the issue at hand, and permission to access the account is considered withdrawn when the issue is resolved.
  3. All actions taken by OIT staff or delegated departmental administrators are immutably logged. No one in Rutgers University can alter these logs in any way; these logs are not under the control of the University, but rather they are immutably maintained by Microsoft. Logging of administrator actions cannot be turned off or bypassed.
  4. All eDiscovery and OPRA searches are immutably logged. In addition, records are kept of the official requests received from the Office of General Counsel directing the searches in question.

Additional standards and policies are being developed by the Office of General Counsel in consultation with other relevant parties. Any new standards and procedures will be posted in the appropriate locations.


Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke

This concludes Part Two of the Rutgers Connect Security and Trust series. Stay tuned for the third and final article in the series, which will cover Mobile Device Management.

If you have any questions, comments or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.


As described in this series, Office 365 and the Rutgers Connect implementation are designed with security as a top priority, offering a wide array of rigorous protective features at multiple levels which provide users with a great deal of privacy and safety. However, as with every existing platform, NPPI (Non-Public Personal Information, such as Social Security numbers) should still not be transmitted via email.