*Needs Updated - STEAM-CIRT Call Scripts

CSC SPECIALISTS, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone. 

NOTE: Once you're up to speed on this process, you do not have to have this script up on screen every time you're doing it, however, YOU ARE RESPONSIBLE for making sure that EVERY critical step in this process is completed prior to the resolution of the STEAM-CIRT ticket.

1) Verify Identity via PPS

• Verify the User's Identity via the standard PPS Identity Verification Process.

MFA*) Notify an MFA liaison about your call

• During the MFA enrollment rollout, starting September 2021, you may be tasked with assisting your caller with their MFA enrollment
• Be prepared to enroll your user in MFA via these directions, *Needs Updated - Manual Enrollment Using Azure AD
  NOTE: But do not turn on MFA at this point in your call, this is just to get it ready.

2) Complete the STEAM-CIRT Qualtrics Survey

• On your own computer, open the Qualtrics STEAM CIRT survey
  NOTE: The link to the survey can also be found in the tech notes of the STEAM-CIRT
• Complete the survey, by reading off the questions to the user, and recording their answers.

3) SPEC ONLY Set Temporary Password via Active Directory

NOTE: To save time, I do this in the background after PPS, while going through the Qualtrics survey with the user.

• Specs can use AD to set a randomized temporary password
  NOTE: I go this route of tempPW then PW to avoid sync delays, and some speedbumps. Do what works best for you.
  NOTE: You can instead use the AccountSetupReset tool to have them set a password here, but you may way up waiting up to half an hour for it to sync to O365.
• Relay the randomized password to your caller.

4) Set Boilerkey PIN# via their Boilerkey Page

• Direct the user to visit their Boilerkey page, www.purdue.edu/boilerkey
• Have them click on the "Manage" button in the middle to get to the CAS login page
• They should log in with the new password from above, they'll need to log in with either:
  
  • PW,push
  • PW,6-digit-passcode
• Direct them to set a new Boilerkey PIN# by clicking to click on "Set your BoilerKey PIN" next to the key icon, below the green square.
  NOTE: They SHOULD use a different PIN# than before.
• Once the PIN# is set, they'll be dropped back on the Boilerkey homepage.
• Have them click on "Test your BoilerKey" next to the key icon.
• Have them test to make sure their Boilerkey is working normally again.
  NOTE: Especially due to COVID, it's important than ever that everyone knows how to log in via PIN#,6-digit-passcode
• Have the user click on "Boilerkey Self-Serve" under the black bar at the top of the page.
  NOTE: To avoid more CSC calls in the future, it's important to make sure everyone has activated the Boilerkey Self-Recovery-Tool, might as well do it while they're here.
• Next to the ambulance icon, have them click "Enable BoilerKey Self-Recovery via text messaging"
• They'll need to confirm their cellphone number via text message.

5) Secure their O365 Mailbox

NOTE: Hopefully by this point, their new password will have time to sync to O365... Otherwise, prepare to wait... syncing a PW to O365 via AccountSetupReset can take up to 30 minutes.

• Direct the user to open a new tab, and navigate to the O365 portal via your preferred method, the direct URL input is portal.office.com
  NOTE: Do this on the O365 web portal via computer, do not do it via a mail client, app, or mobile device. It MUST be done on a non-mobile browser.
• Have them log in via their username@purdue.edu
  NOTE: If they have a vanity email, their email and username will not match, needs to be their username, followed by @purdue.edu
• For their password, use the new password from above
• Once into O365, have them navigate to Outlook.
• Once they've successfully logged into O365 enable MFA for this user.
• Have them click the gear icon in the upper right corner, and then "View all Outlook settings" at the bottom of the sidebar
• Open the "Rules" tab on the left
  • Have them review or read off the rules listed. It's usually pretty obvious if a rule is legitimate or not.
  • Have them remove any malicious rules
• Open the "Sweep" tab on the left
  • Have them remove any sweep rules that they didn't create
• Open the "Forwarding" tab on the left
  • If there's any forwarding rules set to addresses that they don't recognize, have them remove them
• Tell them that they'll want to follow up after the call and review any sent, received or deleted emails to see if there's any issues that need to be addressed.
• Additionally, if they used their purdue.edu email account as the recovery email for any other accounts, they should re-secure those accounts as well after the call.

6) MFA Enrollment

NOTE: More direction will probably be needed at some point, but see what you can do on your own?

• Direct the user to sign out of O365
• Then sign back in, and they should then see this screen:

• Once prompted during Step 1: How should we contact you? they'll want to select the option for "Mobile App" for authentication, and then "Receive notifications for verification"

• THEORETICALLY, they should be able to follow through and complete the on screen prompts without much assistance.
• Advise them that already established mail profiles (like on mobile devices) usually can't make the transition over to MFA from 1FA, so you'll want to remove the email from your mail client on your phone, then readd it to enable MFA security. Or, if preferred, you can switch over to using the Outlook Mobile App for your email and calendar services."

• If you have any issues, reach out to the MFA Liasion you contacted above.
• Once complete, please detail how the MFA enrollment went in the Tech Notes portion of your ticket, and pass along the same information to the liasion
• They will now be using MFA for their O365 logins, but since it employs 'trusted devices' they will only have to authenticate via MFA once every 14 days.

7) Set Password via apps/account

NOTE: If you set a tempPW via AD, they'll need to go back and set a new Career Account Password now.

• Direct the user to the apps/account page, purdue.edu/apps/account
  NOTE: Since they're already logged in with Boilerkey, they can set their password via their Boilerkey credentials
  NOTE: If they still have the Boilerkey tab open from above, they can just click on the "User Account Information" link at the top of that page.
• In the lower right panel, click the "Reset Password" link near the bottom right.
• Have them set a new password, make sure they get the confirmation message, and then they're done.

Resolution

• End your call and resolve the ticket.