AccessControl is operated by the University Police Department's Security Systems Specialist. Access Control issues, monitors and audits all hard keys and access control cards issued on campus. The analyst is also responsible for maintaining and monitoring the access control system used to track access control enabled doors on campus, as well as various types of alarms. Another main function of Access Control is coordinating door schedules with various campus departments and auxiliaries.
The Security Systems Specialist works closely, and in conjunction, with the Communications Center under the Associate Director of Police Support Services. The Communications Center staff assist the analyst with monitoring the Access Control system 24 hours a day. Any alarms or malfunctions are reported to the Security Systems Specialist, and police officers will respond as appropriate to the various types of alarms reported into the system.
There are two types of access control at SDSU: keys and card access. The keys issued by Key Issue are for academic buildings, not for housing or the campus auxiliaries. In many instances faculty, staff and students may need a mixture of both to perform their responsibilities and academic requirements.
In order for faculty, staff and students to obtain keys, the department must complete the UPD-Authorization for Campus Access workflow in Adobe Sign. Once processed, the recipient will receive an email indicating the key is ready for pick up and must present a Red ID at the service window.
The UPD-Authorization for Campus Access must be signed by the department authorized signer on file with Access Control. Signers may be appointed using the UPD-Authorized Signer for Campus Access Requests workflow in Adobe Sign. The Access Control System Analyst annually audits authorized signers, and the department may update authorized signer information at any time.
The UPD-Authorization for Smart Classroom Podium Access workflow in Adobe Sign should be completed by the department when an individual needs access to the podium found in smart classrooms. This form requires additional authorization and training from Instructional Technology Services.
Broken keys should be returned to Key Issue. Should part of the key break inside the cylinder, contact Facilities Services immediately at
619-594-4754. To replace broken keys, bring the broken key to Key Issue with your Red ID card to exchange it for a replacement.
Students must return or renew their keys each semester or academic year by the designated return date. Departments may renew student keys by completing the UPD- Authorization to Renew Campus Access workflow in Adobe Sign. If not returned or renewed on time, a late fee will be assessed. Registration holds will be placed on students who fail to pay this fee.
Faculty and staff are required to return all keys upon separation from the university or if they move to a different department. TAs and GAs are required to return all keys by their contract end date, provided a copy has been presented to our office. Departments will be charged for any keys not returned by faculty, staff, TAs or GAs. There is a drop box and envelopes located outside of Key Issue for returns after hours.
Did you know you can try the features in Microsoft Defender XDR for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms here.
DomainKeys Identified Mail (DKIM) is a method of email authentication that helps validate mail sent from your Microsoft 365 organization to prevent spoofed senders that are used in business email compromise (BEC), ransomware, and other phishing attacks.
If you use only the Microsoft Online Email Routing Address (MOERA) domain for email (for example,
contoso.onmicrosoft.com): You don't need to do anything. Microsoft automatically creates a 2048-bit public-private key pair from your initial *.
onmicrosoft.com domain. Outbound messages are automatically DKIM signed using the private key. The public key is published in a DNS record so destination email systems can verify the DKIM signature of messages.
But, you can also manually configure DKIM signing using the *.
onmicrosoft.com domain. For instructions, see the Use the Defender portal to customize DKIM signing of outbound messages using the *.
onmicrosoft.com domain section later in this article.
If you use one or more custom domains for email (for example,
contoso.com): Even though all outbound mail from Microsoft 365 is automatically signed by the MOERA domain, you still have more work to do for maximum email protection:
Configure DKIM signing using custom domains or subdomains: A message needs to be DKIM signed by the domain in the From address. We also recommend configuring DMARC, and DKIM passes DMARC validation only if the domain that DKIM signed the message and the domain in the From address align.
For email services that aren't under your direct control (for example, bulk email services), we recommend using a subdomain (for example,
marketing.contoso.com) instead of your main email domain (for example,
contoso.com). You don't want issues with mail sent from those email services to affect the reputation of mail sent by employees in your main email domain. For more information about adding subdomains, see Can I add custom subdomains or multiple domains to Microsoft 365?.
Email authentication protection for undefined subdomains is covered by DMARC. Any subdomains (defined or not) inherit the DMARC settings of the parent domain (which can be overridden per subdomain). For more information, see Set up DMARC to validate the From address domain for senders in Microsoft 365.
If you own registered but unused domains: If you own registered domains that aren't used for email or anything at all (also known as parked domains), don't publish DKIM records for those domains. The lack of a DKIM record (hence, the lack of a public key in DNS to validate the message signature) prevents DKIM validation of forged domains.
DKIM alone is not enough. For the best level of email protection for your custom domains, you also need to configure SPF and DMARC as part of your overall email authentication strategy. For more information, see the Next Steps section at the end of this article.
We provide instructions to create CNAME records for different Microsoft 365 services at many domain registrars. You can use these instructions as a starting point to create the create the DKIM CNAME records. For more information, see Add DNS records to connect your domain.
You use the Defender portal or Exchange Online PowerShell to view the required CNAME values for DKIM signing of outbound messages using a custom domain. The values presented here are for illustration only. To get the values that are required for your custom domains or subdomains, use the procedures later in this article.
In Microsoft 365, two public-private key pairs are generated when DKIM signing using a custom domain or subdomain is enabled. The private keys that are used to sign the message are inaccessible. The CNAME records point to the corresponding public keys that are used to verify the DKIM signature. These records are known as selectors.
To use the procedures in this section, the custom domain or subdomain must appear on the DKIM tab of the Email authentication settings page at =DKIM. The properties of the domain in the details flyout must contain the following values:
We provide instructions to create CNAME records for different Microsoft 365 services at many domain registrars. You can use these instructions as a starting point to create the DKIM CNAME records. For more information, see Add DNS records to connect your domain.
As described earlier in this article, the initial *.
onmicrosoft.com domain is automatically configured to sign all outbound mail from your Microsoft 365 organization, and you should configure custom domains to DKIM signing of outbound messages.
To use the procedures in this section, the *.
onmicrosoft.com domain must appear on the DKIM tab of the Email authentication settings page at =DKIM. The properties of the *.
onmicrosoft.com domain in the details flyout must contain the following values:
If you'd rather use PowerShell to enable DKIM signing of outbound messages using a custom domain, or to customize DKIM signing for the *.
onmicrosoft.com domain, connect to Exchange Online PowerShell to run the following commands.
Before you can configure DKIM signing using the custom domain, you need to add the domain to Microsoft 365. For instructions, see Add a domain. To confirm that the custom domain is available for DKIM configuration, run the following command: Get-AcceptedDomain.
As described earlier in this article, your *.
onmicrosoft.com domain is already signing outbound email by default. Typically, unless you've manually configured DKIM signing for the *.
onmicrosoft.com domain in the Defender portal or in PowerShell, the *.
onmicrosoft.com doesn't appear in the output of Get-DkimSigningConfig.
For a custom domain, if Microsoft 365 is able to detect the CNAME records at the domain registrar, the command runs without error, and the domain is now used to DKIM sign outbound messages from the domain.
If the CNAME records aren't detected, you get an error that contains the values to use in the CNAME records. Check for typos in the values at the domain registrar (easy to do with the dashes, periods, and underlines!), wait a while longer, and then run the command again.
For the same reasons that you should periodically change passwords, you should periodically change the DKIM key that's used for DKIM signing. Replacing the DKIM key for a domain is known as DKIM key rotation.
3a8082e126