CIT Managed Devices

Procedure Statement

The purpose of this procedure is to ensure that college-owned endpoints function correctly, improve the user experience, and are in compliance with New York State, SUNY, and College policies and procedures.

Examples of ways in which college-owned endpoints are managed:

  • The ability to lock or wipe a device if it has been lost or stolen and data (especially PII) may be compromised. All college-owned/state-owned devices provided directly to employees of the college will be encrypted per federal, state, and SUNY policies and will comply with NIST standards for device encryption
  • Encrypted with a machine-specific recovery key
  • Randomization of an endpoint-specific local administrator password
  • Managing local administrative rights to prevent lateral privilege escalation attacks
  • Automatic, managed installation of security patches
  • Automatic installation of software for various NYS, SUNY, and college initiatives
  • CIT Self Service application for easy software/printer installations, major upgrades, and helpful links

Definitions

Endpoint: A computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include desktops, laptops, smartphones, tablets, servers, workstations, and Internet-of-Things (IoT) devices.

Group Policy: Group Policy is a feature of Microsoft Windows operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings.

Mobile Device Management (MDM): Mobile device management is an industry term for the administration of endpoints such as smartphones, tablet computers, laptops, and IoT devices. MDM is usually implemented with a third-party product that provides management features for particular vendors of mobile endpoints.

Procedure

All college-owned endpoints must be managed either through group policy or by being enrolled in an MDM solution. Endpoints must be enrolled in management as soon as they are received.

The Chief Information Officer (CIO) may grant exceptions to this rule if management will affect the endpoint's ability to function correctly. Specific group policy and MDM settings are subject to change and will be routinely reviewed by CIT.

Contact(s)

Paul Jackson
Interim Chief Information Officer & Director
jackson@geneseo.edu

Craig Moscicki
Director, Systems & Identity and Access Management
moscicki@geneseo.edu