VPN Login Change

• VPN users will be redirected to a web browser for Enterprise Authentication prompt instead of the AnyConnect prompt when logging into the service. EID authentication and the Duo MFA challenge will align with other Enterprise Authentication based services.
• SMS Passcode authentication will no longer be available. Users currently using this method will need to convert to an alternative method.
• Additional details regarding MFA can be found on KB0018240. 

Duo MFA Change 

• On September 26, 2023, changes were made to Duo Multi-Factor Authentication for all UT Austin users to remove the Duo Mobile Push and SMS Passcode methods due to their susceptibility to social engineering attacks. These changes were activated for all services using Enterprise Authentication for authentication. 
• The campus VPN service was granted a temporary exception to continue allowing legacy Duo MFA methods due to its reliance on the AnyConnect internal authentication mechanisms instead of SAML external authentication (I.e. Enterprise Authentication).
• In addition, this change puts us in alignment with Duo’s ongoing service offerings.
• Additional details regarding the Duo MFA changes can be found on KB0019312. 

Retirement of VPN Start Before Login 

•  As part of this change, VPN Start Before Login (SBL) will be deprecated in favor of VPN Device Tunnel, which will be made available to all EPM-managed Windows devices by Jan 23, 2024. 
• EPM is offering early pilot testing to units who wish to use the VPN Device Tunnel. Interested units can contact the EPM team by emailing epm-requests@its.utexas.edu.