The URL can be used to link to this page

Home My WebLink AboutIR 10253 INFORMAL REPORT TO CITY COUNCIL MEMBERS No. 10253 March 26, 2019 To the Mayor and Members of the City Council Page 1 of 1 SUBJECT: RECENT EMAIL LOGIN ISSUES This Informal Report is in response to questions regarding recent issues with email logins. Summary of Issue Information Technology Services (ITS) began the move from email maintained on servers in the Fort Worth data center to the Cloud-based Office 365 product in June 2018. The move of all email to the cloud was completed in October 2018. Employees with Office 2010, 2013, or those using the built-in email app on a mobile device were being prompted repeatedly to login. Each attempt was unable to successfully login preventing access to email on the mobile device. ITS staff worked with Microsoft technical support to resolve this issue. Microsoft identified the root cause as being the result of a password spray attack on Office 365 and built-in email apps on mobile devices using outdated login protocol. Password spraying is a common technique used by hackers to attempt to gain access to login credentials by in the cloud. The hacker goes to a publicly available website (outlook.office.com) and uses lists of publicly available email addresses. The hackers use computers to attempt thousands of email/password combinations hoping to randomly guess the right combination and gain access to Fort Worth computer resources. An unintended result of our internal security policies locks the email accounts attacked through this method due to excessive unsuccessful login attempts. When the accounts are locked, access to Offices 365 email is prevented. Actions taken to date: Under the recommendation of Microsoft technical support, the following changes were made: th February 12Established redundancy for email authentication servers th February 13Implemented software patches to all Office 2010 and 2013 software to correct outdated login protocols st February 21Adjusted email authentication server settings to limit unsuccessful login traffic from suspicious sources th March 6 Adjusted email account lockout settings th March 12Updated rules for email authentication server th March 15 Began moving affected employees to the Microsoft Outlook email app on mobile devices. The Outlook email app uses an approved Microsoft login protocol. This resolves the lockout situation. Planned Actions Engaged consultants from Dell to plan and implement further protections from password spray attacks Move all mobile devices to the Microsoft Outlook email app Upgrade all Office 2010 clients to the latest version Office 2019 th Planning for these actions is expected to be completed on March 28. With implementation starting immediately after. In the meantime, contact Roger Wright, Interim IT Solutions Director, at 817-392-2230 or roger.wright@fortworthtexas.gov if you have questions. David Cooke City Manager ISSUED BY THE CITY MANAGER FORT WORTH, TEXAS