Exchange access from 1 December 2023 only possible from the campus network or via VPN

As announced in the President’s newsletter 40/2023 (German only), we would like to inform you about a change to the Microsoft Exchange service. Exchange has been operated by the URZ since 2014 as a central groupware service for managing calendars and appointments. It can also be used to send e-mails and manage contacts if the Exchange mailbox is used as the main mailbox. The Exchange mailbox can be accessed with a wide range of software products, e.g. with mail clients such as Thunderbird, Microsoft Outlook, Apple Mail and from Android and iOS mobile devices.

What will change?

Previously, the Exchange service could be accessed from anywhere on the Internet. This exposes the Exchange servers to a variety of threats. After re-evaluating all the resulting risks, we have come to the conclusion that this mode of operation can no longer be maintained for security reasons. From 1 December 2023, the Exchange servers will therefore be accessible from the campus network.

What impacts does this have?

This security measure means first of all that you can not retrieve appointments or e-mails from your exchange mailbox when you are outside the campus network.

You are usually outside the campus network when:

  • your smartphone is connected to the Internet via the mobile data connection,
  • you are working in your home wifi,
  • you are travelling on business or working remotely.

In theses cases, you need to become active as described below, in order to continue using Exchange.

You are inside the campus network when:

  • your device is connected to the wifi „eduroam“ or „tu-chemnitz.de“ in buildings or branch offices of Chemnitz University of Technology,
  • your device is connected to the Chemnitz University of Technology campus network via data cable,
  • you are dialled into the Chemnitz University of Technology campus network via VPN client while travelling or working on the move.

If only these cases apply to you, you don’t need to become active. You are not affected by the change.

Persons, who do not use the TUC Exchange service are also not affected. In the IdM-Portal you can check, whether you have an Exchange mailbox. The Exchange mailbox would be shown there.

What do I have to do?

In order to continue using the service as usual, your end device must dial into the campus network from 1 December 2023 if you intend to synchronise appointments or retrieve or send e-mails. For this, a so called VPN client is necessary. The setup of a VPN access is described on the corresponding URZ websites.Therefore, please set up appropriate VPN access on your devices by 1 December 2023 in order to be able to continue working as usual. For new setups we recommend using „eduVPN“. Existing accesses via „Cisco AnyConnect“ can continue to be used.

No changes need to be made to the settings of your Exchange profiles or the e-mail or calendar settings on the end devices. All previously set up mailboxes and calendars can remain in place.

Why are these changes necessary?

So far, the Exchange servers of the Chemnitz University of Technology are accessible to around 5 billion Internet users – completely independent from whether they have a user account at the Chemnitz University of Technology. Exchange is a very complex software programme. Past experience has shown that, due to this complexity regularly reveals weaknesses that need to be closed within a very short time. must be closed within a very short time. Otherwise, malicious attackers could penetrate the IT systems of the university to infect it with malware or extract sensitive data. In this case, due to the technically conditioned close dovetailing of the Windows servers, not only the Exchange servers would be threatened but also all  computers, where Microsoft Windows is used.

The protective measure that has now been taken ensures that an access to the Exchange servers is only possible if a connection to the campus network of the Chemnitz University of Technology with a valid user account has been created before. This significantly reduces the potential attack surface and therefore also the risk of a lengthy and unpleasant IT service outage as a result of an IT security incident.

Through this measure, we all contribute to the protection of the IT infrastructure of our university.

We would like to thank our users for their understanding of this protective measure.

Leave a Reply