Device Management at the University of Minnesota

Why is Device Management Required?

All devices used for University business must be managed according to policy. Devices that are not carefully configured, updated, and protected by security tools expose the University and its community to theft, disruption, and damage. 

The primary areas of risk include:

• Data: Exposure or theft of sensitive data, such as intellectual property, student records, or employee identity information.
• Money: Theft of employee paychecks, student financial aid, and other assets or fines levied against the University for non-compliance.
• Reputation: Damage to the University of Minnesota’s reputation or that of its faculty or staff.
• Exposure: Infected machines spreading malware to other devices. 

Meeting University Information Security (UIS) policies and standards aimed at securing the University, including but not limited to the Systems and Device Management Standard, is the primary function of device management. Every University employee is responsible for meeting these standards.

What is Device Management?

University of Minnesota Information Technology organizations provide device management services under the direction of University leadership. These services reduce the burden of meeting policy on individual users and significantly decrease risk to the University through a unified, expert, consistent, and secure professional function.

Device management services include:

• Operating system and some software patches delivered within required timelines that are non-disruptive whenever possible.
• Cybersecurity threats mitigated based on criticality with actions ranging from requests for user engagement to global vulnerability patches pushed out to devices immediately.
• Software installations available through self-service, software center, or by calling the IT service desk.
• Security controls, such as password requirements and automated vulnerability scanning, are applied to devices.
• Messaging about changes or check-ins on the device’s status or location through email or pop-up notifications.

This is accomplished by enrolling devices into enterprise management tools and retaining expert staff to deliver the service.

The computer management service is not used to monitor user activity or read user files.

In rare instances, a University business need cannot be accomplished with standard computer management in place. These cases will be evaluated on a case-by-case basis to determine what adjustments or exceptions, if any, can be made. If you believe you have one of these business cases, please fill out the device management exception form to begin the evaluation process.