Middlebury

Difference between revisions of "Secure Storage MDM Enrollment"

 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
 
 
  
 
=== <span style="font-size:larger">'''Introduction'''</span> ===
 
=== <span style="font-size:larger">'''Introduction'''</span> ===
Line 16: Line 13:
  
 
If you attempt to access sensitive data from an unmanaged device, you will be limited to “web only” access. Essentially, you will be able to view and change Office files using the web interface, but you will not be able to download, print, or sync data to your device.
 
If you attempt to access sensitive data from an unmanaged device, you will be limited to “web only” access. Essentially, you will be able to view and change Office files using the web interface, but you will not be able to download, print, or sync data to your device.
 +
 +
[[File:SecureStorage-webOnlySharepoint.PNG|500px|SecureStorage-webOnlySharepoint.PNG]]
 +
  
 
=== <span style="font-size:larger">'''Windows MDM Enrollment Steps'''</span> ===
 
=== <span style="font-size:larger">'''Windows MDM Enrollment Steps'''</span> ===
  
#First, [ms-device-enrollment:?mode=mdm click here to start the enrollment process.]  
+
#First, [ms-device-enrollment:?mode=mdm click here to start the enrollment process.]
#Confirm that you want to switch apps by clicking “Yes”.  
+
#Confirm that you want to switch apps by clicking “Open”.<br/> [[File:MDM-TryingToOpenMicrosoftAccount.PNG|500px|MDM-TryingToOpenMicrosoftAccount.PNG]] &nbsp;
#Enter your Middlebury email address and password, then complete the MFA prompt if you are off campus.  
+
#Enter your Middlebury email address and password, then complete the MFA prompt if you are off campus.<br/> [[File:MDM-SetupWorkOrSchool.png|500px|MDM-SetupWorkOrSchool.png]]
#If authentication is successful, you will see the following screen.  
+
#If authentication is successful, you will see the following screen.<br/> [[File:MDM-SettingUp.png|500px|MDM-SettingUp.png]]
#To confirm that your device is enrolled, open the “Settings” app, then navigate to Accounts”, then “Access work or school” and you can see that you are connected to Middlebury College MDM.
+
#To confirm that your device is enrolled, open the “Settings” app, then navigate to Accounts”, then “Access work or school” and you can see that you are connected to Middlebury College MDM.<br/> [[File:MDM-SettingsConfirmation.png|500px|MDM-SettingsConfirmation.png]]
 +
 
  
 
=== <span style="font-size:larger">'''Mac MDM Enrollment Steps'''</span> ===
 
=== <span style="font-size:larger">'''Mac MDM Enrollment Steps'''</span> ===
  
 
#Open the "Self Service" application.  
 
#Open the "Self Service" application.  
#Search for "Intune" to find&nbsp;"Intune Registration" and click "Secure Mac"  
+
#Search for "Intune" to find&nbsp;"Intune Registration" and click "Secure Mac"<br/> [[File:Mdm-mac-selfService.png|200px|Mdm-mac-selfService.png]]
#Click "Secure Mac" again to start installing the "Company Portal"  
+
#Click "Secure Mac" again to start installing the "Company Portal"<br/> [[File:Mdm-mac-intuneReg.png|500px|Mdm-mac-intuneReg.png]]
#Once installation is complete, the Company Portal app will open. Click "Sign In"  
+
#Once installation is complete, the Company Portal app will open. Click "Sign In"<br/> [[File:Mdm-mac-CompanyPortal.png|500px|Mdm-mac-CompanyPortal.png]]
 
#Login with your Middlebury email address and password, completing MFA if necessary.  
 
#Login with your Middlebury email address and password, completing MFA if necessary.  
#Enter your password again at the macOS keychain prompt and click "Allow"  
+
#Enter your password again at the macOS keychain prompt and click "Allow"<br/> [[File:Mdm-mac-keychain.png|500px|Mdm-mac-keychain.png]]
#Once you are logged in, the app will inform you of your device registration, then showing this success screen:  
+
#Once you are logged in, the app will inform you of your device registration, then showing this success screen:<br/> [[File:Mdm-mac-complete.png|500px|Mdm-mac-complete.png]]
#Jamf Self Service moves onto final cleanup steps (now that the device is registered), then reports as finished.  
+
#Jamf Self Service moves onto final cleanup steps (now that the device is registered), then reports as finished.<br/> [[File:Mdm-mac-installing.png|500px|Mdm-mac-installing.png]]
#Note that while the Company Portal bears some resemblance to the Jamf Self Service app, they serve different complementary functions. This banner is found at the bottom of the Company Portal:  
+
#Note that while the Company Portal bears some resemblance to the Jamf Self Service app, they serve different complementary functions. This banner is found at the bottom of the Company Portal:<br/> [[File:Mdm-mac-banner.png|500px|Mdm-mac-banner.png]]
 
#Upon next login with the Company Portal, there will be a prompt to allow/block notifications from the application.  
 
#Upon next login with the Company Portal, there will be a prompt to allow/block notifications from the application.  
 
&nbsp;
 
  
 
&nbsp;
 
&nbsp;

Latest revision as of 19:58, 9 September 2020

Introduction

Middlebury is introducing secure storage for sensitive data. We will use Microsoft Teams and its underlying SharePoint infrastructure to store this data, restrict access to appropriate users and secured devices, and ensure organizational compliance with our DCP (Data Classification Policy).

The DCP can be found here.

ITS will work with your team to configure secure storage. Once setup is complete, a “Sensitive” label will be visible for the secure team at the top of the Teams app and the top of its SharePoint site.

SecureStorage-TeamLabel.png

One requirement to access sensitive data normally is that your device is enrolled in Middlebury’s MDM, or Mobile Device Management. This allows Middlebury to remotely install software, determine if your device is encrypted and compliant with organizational policies, as well as lock or erase the device if it is lost or otherwise compromised.

If you attempt to access sensitive data from an unmanaged device, you will be limited to “web only” access. Essentially, you will be able to view and change Office files using the web interface, but you will not be able to download, print, or sync data to your device.

SecureStorage-webOnlySharepoint.PNG


Windows MDM Enrollment Steps

  1. First, click here to start the enrollment process.
  2. Confirm that you want to switch apps by clicking “Open”.
    MDM-TryingToOpenMicrosoftAccount.PNG  
  3. Enter your Middlebury email address and password, then complete the MFA prompt if you are off campus.
    MDM-SetupWorkOrSchool.png
  4. If authentication is successful, you will see the following screen.
    MDM-SettingUp.png
  5. To confirm that your device is enrolled, open the “Settings” app, then navigate to Accounts”, then “Access work or school” and you can see that you are connected to Middlebury College MDM.
    MDM-SettingsConfirmation.png


Mac MDM Enrollment Steps

  1. Open the "Self Service" application.
  2. Search for "Intune" to find "Intune Registration" and click "Secure Mac"
    Mdm-mac-selfService.png
  3. Click "Secure Mac" again to start installing the "Company Portal"
    Mdm-mac-intuneReg.png
  4. Once installation is complete, the Company Portal app will open. Click "Sign In"
    Mdm-mac-CompanyPortal.png
  5. Login with your Middlebury email address and password, completing MFA if necessary.
  6. Enter your password again at the macOS keychain prompt and click "Allow"
    Mdm-mac-keychain.png
  7. Once you are logged in, the app will inform you of your device registration, then showing this success screen:
    Mdm-mac-complete.png
  8. Jamf Self Service moves onto final cleanup steps (now that the device is registered), then reports as finished.
    Mdm-mac-installing.png
  9. Note that while the Company Portal bears some resemblance to the Jamf Self Service app, they serve different complementary functions. This banner is found at the bottom of the Company Portal:
    Mdm-mac-banner.png
  10. Upon next login with the Company Portal, there will be a prompt to allow/block notifications from the application.

 

Powered by MediaWiki