This is the third in a series of articles covering data security and privacy in Rutgers Connect, addressing both the standards and capabilities of the Office 365 platform and the Rutgers-specific customizations and policies related to these topics.
The first entry in the series, Rutgers Connect Security and Trust Part One: The Office 365 Platform Security, introduced users to security and data resiliency features native to the Office 365 platform.
It was followed by Rutgers Connect Security and Trust Part Two: Rutgers-Specific Implementation and Policies, which covered the customizations made and policies enacted to protect users’ privacy in Rutgers Connect.
In this third and final article, we will discuss Mobile Device Management.
Reasons to Use MDM
Mobile Device Management is a suite of software and policies designed to ensure that end-user and University data stored on mobile devices is secured from unauthorized access. Modern mobile devices are far more advanced than old-style mobile telephones; they are full-powered computers that go with us everywhere. Unfortunately, these devices are often unsecured from casual access by unauthorized parties, and they are easily lost or stolen. MDM enrollment helps reduce the security risk these factors pose.
While MDM enrollment is not mandatory, users who choose not to enroll their devices in the Rutgers Connect MDM system may only access Rutgers Connect services via the mobile web interface. For many, this is sufficient. However, users desiring more advanced integration, including the ability to edit and share Office files, full calendar integration, device caching of email and other data, access to OneDrive-hosted files, etc., must enroll their devices.
MDM Requirements & Capabilities
There is a considerable amount of confusion and misinformation about what Rutgers can and cannot do to an enrolled mobile device. While other products offered by Microsoft may be able to enforce more advanced policies and controls (as reflected by warnings presented during the enrollment process), the version purchased by and available to Rutgers University cannot track users’ movements or access any data on the device, including any data about usage, installed software, personal data, photographs, etc. The MDM product’s capabilities are limited to enforcing certain basic security settings and providing remote wipes of the device when requested by the user.
As configured and supported by the University, the only requirements most users will have to comply with for MDM enrollment are securing the phone with a simple lock screen PIN and accepting the remote wipe access. Users who are subject to HIPAA regulations must also ensure that all data on the device is encrypted and use a more complicated PIN. In all cases, more modern devices which support fingerprint authentication can use that method as a substitute for the PIN when unlocking the device, but the PIN will still be required at device startups and reboots.
Rutgers University will never initiate a remote device wipe without the express permission and request of the device owner. This option is available to the owner of a device, the delegated Connect administrators for their department, and select OIT Connect administrators. The use of this feature is limited to cases where a device has been lost or stolen and the device owner requests that all data on the device be wiped to secure it from any chance of unauthorized access.
More information about MDM and configuration of mobile devices can be found here.
Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke
This concludes our three-part series of articles on Security and Trust in Rutgers Connect, but stay tuned for other topics to be covered in future articles.
If you have any questions, comments or suggestions regarding the Rutgers Connect article series, please write to firstname.lastname@example.org.