Improvements to Azure Active Directory Single Sign On

ITS is updating Azure Active Directory Single Sign On on May 19, 2023.

Azure Active Directory (AAD) Single Sign-On (SSO) is an authentication service provided by Microsoft Azure that UConn uses with Microsoft 365 applications, such as Outlook and Teams.  Currently, when you first access a service protected by Azure SSO, you see a generic Microsoft login page.  We have received feedback that there are situations where this can be confusing.  The first improvement will be to add UConn branding to this login page.  The new theme will include UConn specific images, logos, and password reset options.  In addition to being clearer and more visually appealing, the UConn theme can help reduce the effectiveness of phishing attacks, which often simulate the default out-of-the-box Azure SSO screen.

Two-factor authentication (2FA) helps protect accounts by adding a second validation element to the authentication process.  Duo 2FA is currently used for all Microsoft 365 logins.  However, AAD SSO supports 2FA for any service that recognizes contemporary authentication protocols.  The second improvement is to expand the use of Duo 2FA to other services that utilize AAD for login.  Enabling Duo 2FA on additional services enhances security using a mechanism familiar to the community.