Device Management at UConn

Owned by Ashley Mattingly
Last updated: Oct 25, 2024
3 min read

The University of Connecticut uses Device Management platforms to enhance the security of university-owned devices and better protect individuals' and institutional data. ITS uses Intune for Windows and Jamf for Macs.  These are both comprehensive device management platforms that ensure workstations have up-to-date security. This includes:

  • Encryption and data protection

  • Vulnerability assessment

  • Patching

  • Operating system and software updates

  • Endpoint Detection and Response

Why is data encryption important? Encryption transforms information into a form that only authorized users can read.  It protects data, which could be sensitive or confidential, from unauthorized access, safeguarding against identity theft and breaches.

Microsoft Endpoint Detection and Response (EDR)

Enrollment includes Microsoft Endpoint Detection and Response (EDR), which allows ITS to better prevent, respond, and contain attacks targeting UConn.  It also enables ITS to mitigate data exposure. If a machine is compromised, then every device associated with it – every device you’ve logged into and every device on your network – is also at risk. EDR provides us the ability to quarantine a compromised device, prevent spread to other devices, and minimize the damage to the institution.

When a device is lost, stolen, or compromised, a lengthy and intrusive process is initiated to determine what information it contained.  With Intune and Jamf, we can ensure encryption and remotely wipe the device to prevent unauthorized access to your information.  This greatly reduces the institutional response.

Why Does UConn Manage Devices?

The University of Connecticut has policies that govern how data should be stored, accessed, or transmitted on university technology securely and that state our responsibility to protect it. 

  • The Data Classification policy defines the classifications of institutional data (i.e., the categories of data that the University is responsible for safeguarding) and the associated measures that are necessary to safeguard each classification. 

  • The Data Roles and Responsibilities policy defines the responsibilities of individuals within the organization in protecting the University of Connecticut’s data assets. 

  • The Mobile and Remote Device Security Policy defines the minimum device configuration and requirements for university and non-university owned devices, such as cellphones, tablets, laptops, and other transportable assets.

  • The System and Application Security Policy defines the responsibilities of university employees who are the owner of a technology system, service, or device. Most employees are the identified system owner for their individual university computing device.

  • The Information Technology Acceptable Use Policy defines allowable uses of university technology and systems as well as individual responsibilities for university-owned and personally owned devices used to access university technology or systems.

It can be labor intensive and difficult for individuals to comply with the applicable policies without remote data management like Intune or JAMF.  Failure to do so increases risk and cost to the university.  Device Management ensures that university-owned devices meet policy and security obligations and removes the burden from individuals.

Frequently Asked Questions

Why does the University manage Macs now?

ITS follows what Apple recommends. Apple formerly encouraged self-management. They no longer encourage this and now advise central management.

Only authorized IT administrators responsible for managing and securing university-owned devices have access to limited data. ITS has strict policies, and admins are required to adhere to UConn’s policies and security protocols. In addition to these safeguards, access is audited, and actions taken through Intune and Jamf are logged.

Only authorized IT administrators can push policy updates. These updates are tested and approved before being applied to your device. 

IT administrators push security patches, software updates, and configuration changes. Users can typically install updates at their convenience or wait for a window when they are automatically applied.

UConn IT follows a change management process, which includes testing and scheduling changes during times that minimize disruption to users. Most processes run in the background without significantly affecting speed or responsiveness.

You retain the ability to be the administrator of your Mac with Jamf. You will operate as a standard user to prevent accidental or malicious changes. If you would like to perform an action, such as installing software, as an admin, you can elevate your account for a set period of time. The individual users determine when they wish to elevate their access and do not need to inform ITS.

Device Management ensures that devices meet necessary security and compliance standards for IRB or grant-related work, including encryption and regular updates to mitigate vulnerabilities.