Device Administration and Conditional Access FAQ

Summary

By implementing smart device administration and conditional access, we empower every stakeholder to fortify our digital defenses, ensuring robust protection against cyber threats. Together, we safeguard our future and together we will move forward.

Body

Glossary

Device Administration: A security measure that helps ensure that devices are secure, up-to-date, and compliant with organizational policies, with the goal of protecting the network and data from unauthorized access. Device Administration allows the University to select the frequency of Windows updates, configure security policies, and deploy University applications.

Conditional Access: This feature of Microsoft Device Administration restricts access to resources based on specific conditions. It ensures that only devices meeting security compliance requirements can access sensitive data, thereby enhancing security, especially in environments where personal devices are used for work.

 

FAQ

Why does the University of Windsor need Device Administration?

Device administration plays a crucial role in safeguarding systems, protecting sensitive data, ensuring regulatory compliance, and facilitating secure and efficient access to resources. Device Administration and Conditional Access policies are prevalent among higher education institutions, with nearly all our peers in Ontario rolling out such programs, including the University of Toronto, University of Waterloo, and Queen’s University. UWindsor’s IT policies prioritize security while accommodating the diverse needs of our community. This is integral to enhancing the University’s data strategy, which is a foundational commitment of our strategic plan, Aspire.

What does the Conditional Access Policy enable?

The Conditional Access policy facilitates web-based MS 365 product usage via portal.office.com with multifactor authentication (MFA), ensuring accessibility for all devices, irrespective of their registration status in the Device Administration system. Access to systems with confidential or personal information about students, staff, or faculty is restricted to devices registered in the Device Administration system. It is part of our ongoing efforts to foster an informed and responsible data management culture at the University of Windsor.

If I do not register my device (e.g. laptop, cell phone) is my access to University programs and services limited?

Our Conditional Access policy allows accessibility to MS365 for all devices, irrespective of their registration status in the Device Administration system. For instance, you can access web-based programs like University email, Teams, calendars, OneDrive, and files from your laptop computer, even if your personal device is not registered. The only exception for MS365 is if you want the University’s Teams app on your mobile phone. However, it is important to note that mobile phones are not mandatory for University work. You can still access Teams from the web via your laptop or computer, and all other web-based files (e.g. email, calendars) from your personal, non-registered cell phone and/or laptop computer. Access to systems with confidential or personal information about students, staff, or faculty is restricted to devices registered in the Device Administration system.

Will the Conditional Access Policy Result in Delays in Responding to Emails and Teams Messages?

As previously noted, you have the freedom to access web-based University systems from your personal home computer or cell phone, even if they are not registered in the Device Administration System. This ensures that there is no need to worry about delayed responses to communications.

Am I required to register my cell phone?

Cell phones are not required for University tasks. Also, using web-based email and calendars does not necessitate enrolling personal devices in the Device Administration system.

Does the Conditional Access Policy Compromise Privacy?

The University’s IT policies prioritize data protection while respecting privacy. Device Administration capabilities (e.g., remote wiping) are strictly limited to University data. Personal device functions, such as location tracking and remote wiping, remain under user control. It is critical to emphasize that conditional access does not grant access to calling and web browsing history, emails and texts, contacts, calendar, passwords, pictures, Apple/Google Pay, or files.

Will the Conditional Access Policy compromise the confidentiality of my research?

The University upholds strict confidentiality across all IT policies, including those pertaining to research systems. Our policies align with federal mandates for research security and data management, reinforced by comprehensive IT security training and access protocols. Neither Conditional Access nor Device Administration provides any specific elevated access to researcher files outside of any existing capabilities provided to Administrators of OneDrive. As such, if researchers store files on external hard drives, USB sticks, or 3rd party locations as defined by their research data management plans, the University has no ability to access those files.

What is the University doing to ensure the security of research, information and data?

Data and research security, a growing challenge for all Canadian institutions, is actively addressed at the University of Windsor. We work to identify and minimize risks to researchers' work, including unauthorized access, interference, or theft. This collective effort involves researchers, institutions, funding organizations, and governments, sharing responsibility to identify and mitigate potential national security risks in research. We prioritize the security of all data stored or shared via University of Windsor platforms.

We remain committed to ongoing discussions and refining our Conditional Access approach to ensure that it aligns with our core values of security, privacy, and accessibility.

 

Details

Article ID: 151390
Created: Tue 4/16/24 3:51 PM
Modified: Thu 7/25/24 4:11 PM

Related Articles

A device compliance-based conditional access policy requires a registered and compliant device to sign into the Yuja desktop app, but access is not granted to the user when attempted on a managed and compliant device. This article provides a workaround for this issue.