Middlebury

Secure Storage MDM Enrollment

Revision as of 12:36, 9 September 2020 by Thomas Hugo


Introduction

Middlebury is introducing secure storage for sensitive data. We will use Microsoft Teams and its underlying SharePoint infrastructure to store this data, restrict access to appropriate users and secured devices, and ensure organizational compliance with our DCP (Data Classification Policy).

The DCP can be found here

ITS will work with your team to configure secure storage. Once setup is complete, a “Sensitive” label will be visible for the secure team at the top of the Teams app and the top of its SharePoint site.

Normally, one requirement for accessing sensitive data is that your device is enrolled in Middlebury’s MDM (Mobile Device Management). This allows Middlebury to remotely install software, determine whether your device is encrypted and compliant with organizational policies, and lock or erase the device if it is lost or otherwise compromised.

If you attempt to access sensitive data from an unmanaged device, you will be limited to “web only” access. Essentially, you will be able to view and change Office files using the web interface, but you will not be able to download, print, or sync data to your device.

Windows MDM Enrollment Steps

  1. First, click here to start the enrollment process.
  2. Confirm that you want to switch apps by clicking “Yes”.
  3. Enter your Middlebury email address and password, then complete the MFA prompt if you are off campus.
  4. If authentication is successful, you will see the following screen.
  5. To confirm that your device is enrolled, open the “Settings” app, navigate to “Accounts”, then “Access work or school”, where you can see that you are connected to Middlebury College MDM.

Mac MDM Enrollment Steps

  1. Open the "Self Service" application.
  2. Search for "Intune" to find "Intune Registration" and click "Secure Mac".
  3. Click "Secure Mac" again to start installing the "Company Portal".
  4. Once installation is complete, the Company Portal app will open. Click "Sign In".
  5. Log in with your Middlebury email address and password, completing MFA if necessary.
  6. Enter your password again at the macOS keychain prompt and click "Allow".
  7. Once you are logged in, the app will inform you of your device registration, then show this success screen:
  8. Jamf Self Service moves on to final cleanup steps (now that the device is registered), then reports as finished.
  9. Note that while the Company Portal bears some resemblance to the Jamf Self Service app, they serve different, complementary functions. This banner is found at the bottom of the Company Portal:
  10. Upon next login with the Company Portal, there will be a prompt to allow/block notifications from the application.