The University of Connecticut uses Device Management platforms to enhance the security of university-owned devices and better protect individual and institutional data. ITS uses Intune for Windows and Jamf for Macs. These are both comprehensive device management platforms that ensure workstations have up-to-date security. This includes:

  • Encryption and data protection

  • Vulnerability assessment

  • Patching

  • Operating system and software updates

  • Endpoint Detection and Response

Why is data encryption important? Encryption transforms information into a form that only authorized users can read.  It protects data, which could be sensitive or confidential, from unauthorized access, safeguarding against identity theft and breaches.

Microsoft Endpoint Detection and Response (EDR)

Enrollment includes Microsoft Endpoint Detection and Response (EDR), which allows ITS to better prevent, respond to, and contain attacks targeting UConn. It also enables ITS to mitigate data exposure. If a machine is compromised, then every device associated with it – every device you’ve logged into and every device on your network – is also at risk until they hit a control barrier. EDR gives us the ability to quarantine a compromised device and contain it, minimizing the damage to the institution.

It also enables remote remediation, which vastly reduces the institutional response required if a device is lost, stolen, or otherwise compromised. When a device is lost, there is a labor-intensive and intrusive process to determine what was on the device. With Intune and Jamf, we can ensure encryption and remotely wipe the device to prevent unauthorized access to your information.

Why Does UConn Manage Devices?

The University of Connecticut has policies that govern how data should be stored, accessed, or transmitted on university technology securely and that state our responsibility to protect it. 

  • The Data Classification policy defines the classifications of institutional data (i.e., the categories of data that the University is responsible for safeguarding) and the associated measures that are necessary to safeguard each classification. 

  • The Data Roles and Responsibilities policy defines the responsibilities of individuals within the organization in protecting the University of Connecticut’s data assets. 

  • The Mobile and Remote Device Security Policy defines the minimum device configuration and requirements for university and non-university owned devices such as cellphones, tablets, laptops, and other transportable assets.

  • The System and Application Security Policy defines the responsibilities of university employees who are the owners of a technology system, service, or device. Most employees are the identified system owner for their individual university computing device.

  • The Information Technology Acceptable Use Policy defines allowable uses of university technology and systems as well as individual responsibilities for university-owned and personally owned devices used to access university technology or systems.

Failure to comply with standards comes at a cost to the University because it increases risk. It is very labor-intensive and difficult for individuals to comply. Device Management ensures that university-owned devices meet policy and security obligations and removes the burden from individuals.

Frequently Asked Questions

Why does the University manage Macs now?

ITS follows what Apple recommends. Apple formerly encouraged self-management. They no longer encourage this and now advise central management.

 Who has access to the data on my computer?

Only authorized IT administrators responsible for managing and securing university-owned devices have access to limited data. ITS has strict policies, and admins are required to adhere to UConn’s policies and security protocols. In addition to these safeguards, access is audited, and actions taken through Intune and Jamf are logged.

 Who can push updates to my device and what are they?

Only authorized IT administrators can push policy updates. These updates are tested and approved before being applied to your device. 

IT administrators push security patches, software updates, and configuration changes. Users can typically install updates at their convenience or wait for a window when they are automatically applied.

 Will Device Management slow down my computer?

UConn IT follows a change management process, which includes testing and scheduling changes during times that minimize disruption to users. Most processes run in the background without significantly affecting speed or responsiveness.

 Why am I no longer the admin of my Mac?

You retain the ability to be the administrator of your Mac with Jamf. You will operate as a standard user to prevent accidental or malicious changes. If you would like to perform an action, such as installing software, as an admin, you can elevate your account for a set period of time. The individual users determine when they wish to elevate their access and do not need to inform ITS.

 How does device management impact IRB or grant security requirements? 

Device Management ensures that devices meet necessary security and compliance standards for IRB or grant-related work, including encryption and regular updates to mitigate vulnerabilities. 

 Can Jamf and Intune monitor my email or files?

Neither Intune nor Jamf monitors your emails, documents, or personal files or registers your keystrokes. They are focused on device configuration, security compliance, and software management.

 Can I manage my own device if I have concerns? 

It is difficult and labor-intensive to individually comply with the standards that the University must meet. If a device needs exemptions from the security practices, then we still must adhere to the standards and ensure they are met in other ways. Exemptions come with stipulations, such as separating the device from the main network, air gapping, or placing it in a monitored, access-controlled location.

For most devices and situations, management greatly reduces the burden of compliance for individuals and improves the security and performance of their devices.
