Content Comparison

This script is intended for use in one of three scenarios,

User has called in "I can't log in" or "My password doesn't work" or "My account got scrambled," etc & you find a STEAM-CIRT on their account.
User calls in "My account got hacked," or "My account is sending out spam, etc. If you can find a STEAM-CIRT for their account, proceed with that one. If not, scramble the account, create a new ticket, and proceed
You've received a ticket, have called out to contact the compromised user, and have reached them

NOTE: This is the STEAM-CIRT process that I use, it's what works best for me. I go this route to avoid syncing delays, or different steps that users have trouble with that can be speed bumps. Maybe something different will work better for you? It's just a starting point.

9

6/

14

30/

21: UPDATED for next step in MFA rollout

22: Updating now that MFA is enforced by default

Open the "Forwarding" tab on the leftIf there's any

Panel

borderColor	green
titleColor	green
borderWidth	2
titleBGColor	palegreen
borderStyle	solid
title	STEAM-CIRT Call Script (REPS)

CSC STUDENT REPRESENTATIVES, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone.

NOTE: Once you're up to speed on this process, you do not have to have this script up on screen every time you're doing it, however, YOU ARE RESPONSIBLE for making sure that EVERY critical step in this process is completed prior to the resolution of the STEAM-CIRT ticket.

1) Verify Identity via PPS

Verify the User's Identity via the standard PPS Identity Verification Process.

**MFA*) Notify an MFA liaison about your call**

During the MFA enrollment rollout, starting September 2021, you may be tasked with assisting your caller with their MFA enrollment
Notify a MFA Liasion via Slack with the user's alias/username when you get to this point in your call, possible liaisons are:
NOTE: We are limited in our options for liaisons, start at the top, and work your way down, if no one is available, skip the MFA steps in your ticket resolution and make a note of it in the tech notes.
- Specialist on Point
- #general with an @here tag.
- Individual Specialists via DMs
They are not turning on MFA at this point in your call, this is to notify a liaison that it is coming.

2) Complete the STEAM-CIRT Qualtrics Survey

On your own computer, open the Qualtrics STEAM CIRT survey
NOTE: The link to the survey can also be found in the tech notes of the STEAM-CIRT
Complete the survey, by reading off the questions to the user, and recording their answers.

3) Set a new Career Account Password via Account Setup Reset Tool

NOTE: To save time, you may want to generate the Setup Password in the background while going through the Qualtrics survey

2) Complete the STEAM-CIRT Qualtrics Survey

NOTE: To save time on the next step, you may want to generate the Setup Password in the background while going through the Qualtrics survey with the user.

On your own computer, open the Qualtrics STEAM CIRT survey
NOTE: The link to the survey can also be found in the tech notes of the STEAM-CIRT
Complete the survey, by reading off the questions to the user, and recording their answers.

3) Set a new Career Account Password via Account Setup Reset Tool

NOTE: To save time, you may want to generate the Setup Password in the background while going through the Qualtrics survey with the user.

Direct the user to purdue.edu/accountsetup
Have them fill in the first two blanks, PUID & Date of Birth
NOTE: They must match the example formats on the right EXACTLY
Generate a new Career Account Setup Password via https://www.purdue.edu/apps/account/AccountSetupReset
The previous password has been compromised, it's critical that you emphasize that they discontinue using this password for ANY (or variations of it) for ANY account.
Once their information is in, they should be able to proceed to the next page and set a new Career Account Password
NOTE: The requirements listed on the webpage are out of date, current password requirements can be found here.
NOTE: They only need this first page of the AccountSetup, they do not need to complete it
- If they receive an error from this webpage:
  NOTE: NEARLY every error on this page is going to be misleading, or at least not helpful
  - Double-check that they were inputting all the information correctly, and have them try again
  - Open If it still fails, open an incognito window in your browser, try the inputs yourself, if it works... they didn't type something right, have them try again
    - If it still fails, contact the Specialist on Point,
    - If they are not available, post an @here message @Specialist message in the #general Slack Teams channel
    - If that also fails, start pinging individual Specialists, preferably NOT ones on a call
Have them leave the AccountSetupReset tool, and continue below with the new password

4)

Set

Recover their Boilerkey

PIN#

via their Boilerkey Page

Set their Boilerkey PIN#

Direct the user to visit their Boilerkey page, www.purdue.edu/boilerkey
Have them click on the "Manage" button in the middle to get to the CAS login page
They should log in with the new password from above, they'll need to log in with either:
- PW,push
- PW,6-digit-passcode
- If neither work, try PW,BYPASS and troubleshoot further
Direct them to set a new Boilerkey PIN# by clicking to click on "Set your BoilerKey PIN" next to the key icon, below the green square.
NOTE: They SHOULD use a different PIN# than before.
Once the PIN# is set, they'll be dropped back on the Boilerkey homepage.

Test their Boilerkey

Have them click on "Test your BoilerKey" next to the key icon.
Have them test to make sure their Boilerkey is working normally again.
NOTE: Especially due to COVID, it's important than ever that everyone knows how to log in via PIN#,6-digit-passcode

Enable Boilerkey Self-Recovery

Have the user click on "Boilerkey Self-Serve" under the black bar at the top of the page.
NOTE: To avoid more CSC calls in the future, it's important to make sure everyone has activated the Boilerkey Self-Recovery-Tool, might as well do it while they're here.
Next to the ambulance icon, have them click "Enable BoilerKey Self-Recovery via text messaging"
They'll need to confirm their cellphone number via text message.

5) Secure their O365 Mailbox

NOTE: Hopefully by this point, their new password will have time to sync to O365... Otherwise, prepare to wait... syncing a PW to O365 via AccountSetupReset can take up to 30 minutes.

Direct the user to open a new tab, and navigate to the O365 portal via your preferred method, the direct URL input is is portal.office.com
NOTE: Do this on the O365 web portal via computer, do not do it via a mail client, app, or mobile device. It MUST be done on a non-mobile browser.
Have them log in via their username@purdue.edu
NOTE: If they have a vanity email, their email and username will not match, needs to be their username, followed by @purdue.edu
For their password, use the new career account password from aboveset above
If prompted to register for MFA, walk them through that process, using the Microsoft Authenticator App is STRONGLY encouraged.
Otherwise, they'll just authenticate MFA normally.
Once into O365, have them navigate to Outlook .Once they've successfully logged in, notify the liaison from above to 'throw the switch' and enable MFA for this user.(Blue envelope icon on the left with an 'O')
Have them click the gear icon in the upper right corner, and then "View all Outlook settings" at the bottom of the sidebar
Open the "Rules" tab on the left
- Have them review or read off the rules listed. It's usually pretty obvious if a rule is legitimate or not.
- Have them remove any malicious rules
Open the "Sweep" tab on the left
- Have them remove any sweep rules that they didn't create
Open the "Forwarding" tab on the left
- If there's any forwarding rules set to addresses that they don't recognize, have them remove them
Tell them that they'll want to follow up after the call and review any sent, received, or deleted emails to see if there's any issues that need to be addressed.
Additionally, if they used their purdue.edu email account as the recovery email for any other accounts, they should re-secure those accounts as well after the call.

6) MFA Enrollment

NOTE: More direction will probably be needed at some point, but see what you can do on your own?

Direct the user to sign out of the O365 Portal/Outlook
Direct them back to portal.office.com
Then sign back in, and they should then see this screen:

Image Removed

Once prompted during Step 1: How should we contact you? they'll want to select the option for "Mobile App" for authentication, and then "Receive notifications for verification"
NOTE: Apparently if you're adamantly opposed to using the Microsoft Authenticator App, you can use "KeePassXC Password Manager" instead? You just have to register the 'seed code' to the program for it to work. Per Justin Bryant of AgIT
Image Removed
THEORETICALLY, they should be able to follow through and complete the on screen prompts without much assistance.
If you have any issues, reach out to the MFA Liasion you contacted above.
Once complete, please detail how the MFA enrollment went in the Tech Notes portion of your ticket, and pass along the same information to the liasion
They will now be using MFA for their O365 logins, but since it employs 'trusted devices' they will only have to authenticate via MFA once every 14 days.

Resolution

End your call and resolve the ticket.

Image Removed

Panel

borderColor	royalblue
titleColor	royalblue
borderWidth	2
titleBGColor	lightskyblue
borderStyle	solid
title	MFA Liaison - Assisting REPs in MFA Enrollment

CSC SPECIALISTS, since REPS don't have AzureAD access, you may need to back them up and do the MFA enrollment for them.

When you're pinged by a REP for assistance doing MFA enrollment, get the username and be prepared to enroll the user in MFA via these directions, Manual Enrollment Using Azure AD
NOTE:But do not turn on MFA at this point, this is just to get it ready.

Once the REP is ready, as in, their user has gotten into O365 to secure the mailbox, enable MFA for this user.

THEORETICALLY, the REP should be able to finish the process unaided. If they report back any issues, please pass that information along to Adrianne, Casey, and/or Dan/Jenn.

Panel

borderColor	green
titleColor	green
borderWidth	2
titleBGColor	palegreen
borderStyle	solid
title	STEAM-CIRT Call Script (SPECS)

CSC SPECIALISTS, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone.

NOTE: Once you're up to speed on this process, you do not have to have this script up on screen every time you're doing it, however, YOU ARE RESPONSIBLE for making sure that EVERY critical step in this process is completed prior to the resolution of the STEAM-CIRT ticket.

1) Verify Identity via PPS

Verify the User's Identity via the standard PPS Identity Verification Process.

**MFA*) Notify an MFA liaison about your call**

During the MFA enrollment rollout, starting September 2021, you may be tasked with assisting your caller with their MFA enrollment
Be prepared to enroll your user in MFA via these directions, Manual Enrollment Using Azure AD
NOTE: But do not turn on MFA at this point in your call, this is just to get it ready.

2) Complete the STEAM-CIRT Qualtrics Survey

On your own computer, open the Qualtrics STEAM CIRT survey
NOTE: The link to the survey can also be found in the tech notes of the STEAM-CIRT
Complete the survey, by reading off the questions to the user, and recording their answers.

3) SPEC ONLY Set Temporary Password via Active Directory

NOTE: To save time, I do this in the background after PPS, while going through the Qualtrics survey with the user.

Specs can use AD to set a randomized temporary password
NOTE:I go this route of tempPW then PW to avoid sync delays, and some speedbumps. Do what works best for you.
NOTE: You can instead use the AccountSetupReset tool to have them set a password here, but you may way up waiting up to half an hour for it to sync to O365.

Relay the randomized password to your caller.

4) Set Boilerkey PIN# via their Boilerkey Page

Direct the user to visit their Boilerkey page, www.purdue.edu/boilerkey
Have them click on the "Manage" button in the middle to get to the CAS login page
They should log in with the new password from above, they'll need to log in with either:
- PW,push
- PW,6-digit-passcode
Direct them to set a new Boilerkey PIN# by clicking to click on "Set your BoilerKey PIN" next to the key icon, below the green square.
NOTE: They SHOULD use a different PIN# than before.
Once the PIN# is set, they'll be dropped back on the Boilerkey homepage.
Have them click on "Test your BoilerKey" next to the key icon.
Have them test to make sure their Boilerkey is working normally again.
NOTE: Especially due to COVID, it's important than ever that everyone knows how to log in via PIN#,6-digit-passcode
Have the user click on "Boilerkey Self-Serve" under the black bar at the top of the page.
NOTE: To avoid more CSC calls in the future, it's important to make sure everyone has activated the Boilerkey Self-Recovery-Tool, might as well do it while they're here.
Next to the ambulance icon, have them click "Enable BoilerKey Self-Recovery via text messaging"
They'll need to confirm their cellphone number via text message.

5) Secure their O365 Mailbox

NOTE: Hopefully by this point, their new password will have time to sync to O365... Otherwise, prepare to wait... syncing a PW to O365 via AccountSetupReset can take up to 30 minutes.

Direct the user to open a new tab, and navigate to the O365 portal via your preferred method, the direct URL input is portal.office.com
NOTE: Do this on the O365 web portal via computer, do not do it via a mail client, app, or mobile device. It MUST be done on a non-mobile browser.

Have them log in via their username@purdue.edu
NOTE: If they have a vanity email, their email and username will not match, needs to be their username, followed by @purdue.edu

For their password, use the new password from above

Once into O365, have them navigate to Outlook.

Once they've successfully logged into O365 enable MFA for this user.

Have them click the gear icon in the upper right corner, and then "View all Outlook settings" at the bottom of the sidebar

Open the "Rules" tab on the left

Have them review or read off the rules listed. It's usually pretty obvious if a rule is legitimate or not.
Have them remove any malicious rules

Open the "Sweep" tab on the left

Have them remove any sweep rules that they didn't create

CSC SPECIALISTS, since REPS don't have AzureAD access, you may need to back them up by changing MFA settings for them (after user identity has been confirmed).

Panel

borderColor	green
titleColor	green
borderWidth	2
titleBGColor	palegreen
borderStyle	solid
title	STEAM-CIRT Call Script (SPECS)

CSC SPECIALISTS, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone.

NOTE: Once you're up to speed on this process, you do not have to have this script up on screen every time you're doing it, however, YOU ARE RESPONSIBLE for making sure that EVERY critical step in this process is completed prior to the resolution of the STEAM-CIRT ticket.

1) Verify Identity via PPS

Verify the User's Identity via the standard PPS Identity Verification Process.

**MFA*) Notify an MFA liaison about your call**

During the MFA enrollment rollout, starting September 2021, you may be tasked with assisting your caller with their MFA enrollment
Be prepared to enroll your user in MFA via these directions, *Needs Updated - Manual Enrollment Using Azure AD
NOTE: But do not turn on MFA at this point in your call, this is just to get it ready.

2) Complete the STEAM-CIRT Qualtrics Survey

On your own computer, open the Qualtrics STEAM CIRT survey
NOTE: The link to the survey can also be found in the tech notes of the STEAM-CIRT
Complete the survey, by reading off the questions to the user, and recording their answers.

3) SPEC ONLY Set Temporary Password via Active Directory

NOTE: To save time, I do this in the background after PPS, while going through the Qualtrics survey with the user.

Specs can use AD to set a randomized temporary password
NOTE:I go this route of tempPW then PW to avoid sync delays, and some speedbumps. Do what works best for you.
NOTE: You can instead use the AccountSetupReset tool to have them set a password here, but you may way up waiting up to half an hour for it to sync to O365.
Relay the randomized password to your caller.

4) Set Boilerkey PIN# via their Boilerkey Page

Direct the user to visit their Boilerkey page, www.purdue.edu/boilerkey
Have them click on the "Manage" button in the middle to get to the CAS login page
They should log in with the new password from above, they'll need to log in with either:
- PW,push
- PW,6-digit-passcode
Direct them to set a new Boilerkey PIN# by clicking to click on "Set your BoilerKey PIN" next to the key icon, below the green square.
NOTE: They SHOULD use a different PIN# than before.
Once the PIN# is set, they'll be dropped back on the Boilerkey homepage.
Have them click on "Test your BoilerKey" next to the key icon.
Have them test to make sure their Boilerkey is working normally again.
NOTE: Especially due to COVID, it's important than ever that everyone knows how to log in via PIN#,6-digit-passcode
Have the user click on "Boilerkey Self-Serve" under the black bar at the top of the page.
NOTE: To avoid more CSC calls in the future, it's important to make sure everyone has activated the Boilerkey Self-Recovery-Tool, might as well do it while they're here.
Next to the ambulance icon, have them click "Enable BoilerKey Self-Recovery via text messaging"
They'll need to confirm their cellphone number via text message.

5) Secure their O365 Mailbox

NOTE: Hopefully by this point, their new password will have time to sync to O365... Otherwise, prepare to wait... syncing a PW to O365 via AccountSetupReset can take up to 30 minutes.

Direct the user to open a new tab, and navigate to the O365 portal via your preferred method, the direct URL input is portal.office.com
NOTE: Do this on the O365 web portal via computer, do not do it via a mail client, app, or mobile device. It MUST be done on a non-mobile browser.
Have them log in via their username@purdue.edu
NOTE: If they have a vanity email, their email and username will not match, needs to be their username, followed by @purdue.edu
For their password, use the new password from above
Once into O365, have them navigate to Outlook.
Once they've successfully logged into O365 enable MFA for this user.
Have them click the gear icon in the upper right corner, and then "View all Outlook settings" at the bottom of the sidebar
Open the "Rules" tab on the left
- Have them review or read off the rules listed. It's usually pretty obvious if a rule is legitimate or not.
- Have them remove any malicious rules
Open the "Sweep" tab on the left
- Have them remove any sweep rules that they didn't create
Open the "Forwarding" tab on the left
- If there's any forwarding rules set to addresses that they don't recognize, have them remove them
Tell them that they'll want to follow up after the call and review any sent, received or deleted emails to see if there's any issues that need to be addressed.
Additionally, if they used their purdue.edu email account as the recovery email for any other accounts, they should re-secure those accounts as well after the call.

6) MFA Enrollment

NOTE: More direction will probably be needed at some point, but see what you can do on your own?

Direct the user to sign out of O365
- Then sign back in, and they should then see this screen:
Image Removed
Once prompted during Step 1: How should we contact you? they'll want to select the option for "Mobile App" for authentication, and then "Receive notifications for verification"
Image Removed

THEORETICALLY, they should be able to follow through and complete the on screen prompts without much assistance.

to see if there's any issues that need to be addressed.

Additionally, if they used their purdue.edu email account as the recovery email for any other accounts, they should re-secure those accounts as well after the call.

6) MFA Enrollment

NOTE: More direction will probably be needed at some point, but see what you can do on your own?

Direct the user to sign out of O365
Then sign back in, and they should then see this screen:
Image AddedOnce prompted during Step 1: How should we contact you? they'll want to select the option for "Mobile App" for authentication, and then "Receive notifications for verification"

Image Added

THEORETICALLY, they should be able to follow through and complete the on screen prompts without much assistance.
Advise them that already established mail profiles (like on mobile devices) usually can't make the transition over to MFA from 1FA, so you'll want to remove the email from your mail client on your phone, then readd it to enable MFA security. Or, if preferred, you can switch over to using the Outlook Mobile App for your email and calendar services."

If you have any issues, reach out to the MFA Liasion you contacted above.
Once complete, please detail how the MFA enrollment went in the Tech Notes portion of your ticket, and pass along the same information to the liasion
They will now be using MFA for their O365 logins, but since it employs 'trusted devices' they will only have to authenticate via MFA once every 14 days.

7) Set Password via apps/account

NOTE: If you set a tempPW via AD, they'll need to go back and set a new Career Account Password now.

Direct the user to the apps/account page, purdue.edu/apps/account
NOTE: Since they're already logged in with Boilerkey, they can set their password via their Boilerkey credentials
NOTE: If they still have the Boilerkey tab open from above, they can just click on the "User Account Information" link at the top of that page.
In the lower right panel, click the "Reset Password" link near the bottom right.
Have them set a new password, make sure they get the confirmation message, and then they're done.

Resolution

End your call and resolve the ticket.

Version	Old Version 30	New Version Current
Changes made by	ajmankey	lawsonsc
Saved on	Sept 15, 2021	Nov 17, 2023

Content Comparison

Versions Compared

Key

This script is intended for use in one of three scenarios,

6/

30/

22: Updating now that MFA is enforced by default

CSC STUDENT REPRESENTATIVES, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone.

MFA*) Notify an MFA liaison about your call

2) Complete the STEAM-CIRT Qualtrics Survey

3) Set a new Career Account Password via Account Setup Reset Tool

2) Complete the STEAM-CIRT Qualtrics Survey

3) Set a new Career Account Password via Account Setup Reset Tool

4)

Recover their Boilerkey

via their Boilerkey Page

5) Secure their O365 Mailbox

6) MFA Enrollment

Resolution

CSC SPECIALISTS, since REPS don't have AzureAD access, you may need to back them up and do the MFA enrollment for them.

CSC SPECIALISTS, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone.

1) Verify Identity via PPS

MFA*) Notify an MFA liaison about your call

3) SPEC ONLY Set Temporary Password via Active Directory

4) Set Boilerkey PIN# via their Boilerkey Page

5) Secure their O365 Mailbox

Resolution

CSC SPECIALISTS, since REPS don't have AzureAD access, you may need to back them up by changing MFA settings for them (after user identity has been confirmed).

CSC SPECIALISTS, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone.

1) Verify Identity via PPS

MFA*) Notify an MFA liaison about your call

3) SPEC ONLY Set Temporary Password via Active Directory

4) Set Boilerkey PIN# via their Boilerkey Page

5) Secure their O365 Mailbox

6) MFA Enrollment

6) MFA Enrollment

7) Set Password via apps/account

Resolution

**MFA*) Notify an MFA liaison about your call**

**MFA*) Notify an MFA liaison about your call**

**MFA*) Notify an MFA liaison about your call**