
Secure Mobility: Implementing Effective Mobile App Management Solution at Roger Williams University

Discover the successful implementation of a Mobile App Management solution at Roger Williams University, covering RWU facts, security measures, MAM vs. MDM, MAM configuration, communication strategies, rollout insights, and lessons learned.


Presentation Transcript


  1. Yes MAM! Implementing a Mobile App Management Solution • Roger Williams University • March 27, 2018 • Daryl Ford – Chief Information Officer • Ryan Tiebout – Associate Director of Systems & Operations • Karen Ethier – Director of Support Services

  2. Agenda • RWU Facts • RWU Security • MAM vs. MDM • MAM Configuration and Policies • Communication • Rollout • Lessons Learned

  3. Daryl Ford Chief Information Officer dford@rwu.edu 401-254-3148

  4. Roger Williams University Fast Facts • Two Campuses • Bristol RI, Main Campus w/ Law School • Providence RI, Continuing Studies and some Law • 5504 Students (3841 Undergrad, 304 Grad, 930 Continuing Studies, 429 Law School) • 256 Faculty, 603 Adjuncts • 987 Staff (Full & Part Time) • o365 (Faculty & Staff), Google (Students)

  5. Roger Williams University Security Program • Started in Summer 2016 in response to 2015 Identity Theft Protection Act (effective July 2016) – R.I.G.L. Risk-Based Information Security Program • Program Components: • CSO assignment • IT risk assessment (controls audit) • PII Inventory • WISP vendor amendment • Implement Electronic Safeguards • Laptop full-disk encryption - Bitlocker • 2-factor email authentication - o365 Azure Multifactor Authenticator • Mobile Device Management - MAM • Information Security Training Program • RWU Information Security Website

  6. The Challenge • IT found good solutions for laptop encryption and 2-factor, but determining a viable product for smartphone data management in a BYOD environment was a challenge. • Faculty population very resistant to increased security measures. • Mobile Device Management (MDM) products too intrusive.

  7. Ryan Tiebout Associate Director of Systems & Operations  rtiebout@rwu.edu 401-254-3414 Areas of responsibility include: Server and Application Management, Database Developer

  8. Comparing Mobile Management Solutions • MAM: • Application-level targeted security • Only the organization's data in the apps enrolled • Allows for remote wipe of only MAM-protected apps • Policies applied to apps containing University data • MDM: • Entire device enrolled and protected • End user has to enroll entire personal device • Remote wipe of entire device is the only option • Policies target the entire device, including personal apps

  9. MAM Information • MAM only gets applied to supported iOS/Android devices and associated Microsoft apps. • Windows Mobile devices are not supported. • Default Mobile Mail client access using ActiveSync can be disabled to force users to use Outlook as their mail app. • Conditional Access for Exchange Online • How to apply policies to the end users and devices? • Users targeted by both a license and o365 security group membership. • Targeting users in this way allows for staged rollout.

  10. MAM Policy • List of Apps Targeted: Outlook, OneDrive, Teams, Office Apps, Managed Browser, Skype, Planner • Policy Settings Examples: • Prevent Backups • Allow app to transfer data to another app • Restrict Copy/Paste • Encrypt App Data • Require PIN or use device security for accessing protected apps • Require minimum OS version and/or App version

  11. Apps protected by PIN and Biometrics

  12. MAM License Management • There were two ways we could have managed licenses: • Buy enough licenses for all our users • Buy only licenses for those who use a mobile device • MAM licenses are assigned per user account regardless of whether they use a mobile device. • Maintain an Excel spreadsheet that is populated with data exported from Office365: • Users who have a MAM license (PowerShell export of Security Group) • Users who are connecting using a mobile device (Email App Usage Report)

  13. Karen Ethier Director of Support Services kethier@rwu.edu 401-254-5330 Areas of responsibility include: Helpdesk, Desktop Support, Classroom and Event Support

  14. Communication http://it.rwu.edu/secure • External and internally-produced content • Organized by the main goals/targets of the security program • Spam/phishing • Protecting your identity • Protecting your computer • Protecting university data • Security issues • Training • All IT department communications about security drives users to this site for more information

  15. Communication MAM FAQ • Inventing the wheel • Community demand for more narrative, more information • FAQ was in a state of constant tweaking during the early stages of the rollout. • Sample questions: • How will MAM impact my personal applications or personal data? • Will I be able to continue to access my RWU email through the Mail app on my phone? • I opened the Intune Company portal and it is prompting me to register my device. • MAM has been enabled on my device, but I haven't been prompted to register my RWU apps yet. • Is the PIN secure? • I lost my personal cell phone or tablet?  What should I do?

  16. Communication Emails • Elements to include: • The "why" (ie. Equifax breach) • When • How to prepare • Link to FAQ and website • What to expect • How to get help • Evolved throughout the process

  17. When • Colleagues: Starting on Monday (9/11/17) the IT department will begin the testing phase of our new Mobile Application Management (MAM) tool. The testing phase will encompass all members of IT who utilize any iOS or Android device to access RWU resources (ie. Email, OneDrive, MS Office, etc.) The implementation process is as follows: 1. Starting at 9am on Monday morning, IT will enable the MAM function for all IT staff. This is strictly a backend process and doesn't require a technician visit. You will be prompted to register once MAM has been activated. 2. If you don't use the Outlook App from the iOS or Android app store, you'll be required to do so. 3. You'll be required to install the Microsoft Authenticator App from the iOS (if you have 2-factor authentication, you may already have the app installed) or the Intune Company Portal from the Android app store. MAM will also require you to use a PIN or fingerprint to access the applications associated with it. The testing phase will last from 9/11-9/15. We're looking for your feedback during the testing phase. Please email any issues to mediatech@rwu.edu with the subject line MAM or call 401.254.6363. Thank you, Daryl Ford • What to expect • How to get help • Missing: "Why", Links to documentation, how to prepare

  18. Why • Colleagues: • As you know electronic information security is extremely important in the age of data breaches (Equifax, Target, etc). Over the last two years Roger Williams University has enhanced its data security protocols and will continue to do so. There are additional protocols being announced in regards to access to University data via mobile devices. • Starting Monday (10/2/17), the IT department will begin the next implementation phase of our new Mobile Application Management (MAM) platform for all staff and administration only that have not already been converted. MAM is a set of tools designed to wrap and protect only data associated with RWU (ie. Email, OneDrive). MAM does not touch your personal applications or data. The implementation phase will encompass all members of the RWU community currently utilizing an iOS or Android device to access RWU resources. • Please note that staff who do not access RWU email or any RWU data via their iOS or Android device do not need to download the apps. Also, because of security concerns, iOS and Android devices that no longer support OS security upgrades (ie. iPhone 4 or older) will need to be upgraded before the MAM rollout. • *Important* • Prior to 10/2/17, please RESTART your device and download the following apps to your phone and/or tablet from the iOS or Android app store: • Microsoft Outlook • Microsoft Authenticator App (iOS/Apple) or Intune Company Portal (Android) • Microsoft Intune Managed Browser (if you want to be able to click on links from your RWU email) • Prior to 10/2/17, please review the MAM FAQ's for more information at-- • MAM FAQ's Website • The implementation process is as follows: • 1. Starting at 9am on Monday morning, IT will enable the MAM function for all staff and administration. This is strictly a backend process and doesn't require a technician to visit you. You will be prompted to register your device once MAM has been activated. • 2. You'll be required to install the Microsoft Authenticator App from the iOS app store or the Intune Company Portal from the Android app store if you haven't already done so. If you have 2-factor authentication, you may already have the app installed on your iOS device. MAM will also require you to use a pin or fingerprint to access the applications associated with it. • 3. If you haven't installed the Outlook App from the iOS or Android App Store, you'll be required to do so. You will only be able to access RWU email via the Outlook app. Native iOS and Android email will no longer provide access to RWU email. • Please email any issues to mediatech@rwu.edu with the subject line MAM or call 401.254.6363 if you need assistance. • Thank you, • IT Management • When • How to prepare • Link to documentation • What to expect • How to get help

  19. Rollout • Schedule: • 9/6/17: Security group • 9/11/17: IT Department • 9/18/17: Stipend holders • 10/2/17: Faculty and staff who choose to use mobile • Principles: • Self-service • Helpdesk not desktop support • Promotion of Microsoft apps and the value of MAM over MDM

  20. Rollout Helpdesk Calls • About 12% opened a helpdesk call or stopped by the desk • "My email just stopped working!" • Older iPhones • "But do I HAVE to use the Outlook app?"  • Wanted assistance with the process

  21. Lessons Learned • Communicate Early and Often • Email • Dean’s Council • President’s Cabinet • Faculty Senate and Subcommittees • Individual Faculty and Staff • Develop good supporting documents (i.e. FAQs, online knowledgebase) • Add new policies or revise old policies for BYOD • Apply strictest policies, then dial back only when it makes sense • Set hard dates

  22. Questions?

  23. Please take a moment to evaluate this session There are two ways to access the session and presenter evaluations: 1.  In the online agenda, click on the "Evaluate Session" link 2.  From the mobile app, click on this session from the schedule.  The evaluation will be under associated "Resources" for the presentation.

  24. Thank You!
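
The license reconciliation described on slide 12 (security-group export compared against the Email App Usage Report), sketched as an added example that is not part of the original presentation or RWU's own tooling. The CSV column names, the `example.edu` accounts and the `reconcile` function are assumptions made for illustration.

```python
import csv
import io

# Constructed sample exports. Column names are assumptions about how the
# security-group export and the Email App Usage report were saved as CSV.
GROUP_CSV = """UserPrincipalName
alice@example.edu
bob@example.edu
carol@example.edu
"""

USAGE_CSV = """User Principal Name,Outlook For Mobile,Other For Mobile
Alice@example.edu,True,False
bob@example.edu,False,False
dave@example.edu,True,False
erin@example.edu,False,True
carol@example.edu,True,True
"""

TRUTHY = {"true", "yes", "1"}


def _flag(row, column):
    """Interpret a report cell as a boolean; missing or blank means False."""
    return (row.get(column) or "").strip().lower() in TRUTHY


def reconcile(group_csv, usage_csv):
    """Compare MAM group membership against observed mobile mail usage."""
    licensed = {
        (row.get("UserPrincipalName") or "").strip().lower()
        for row in csv.DictReader(io.StringIO(group_csv))
    } - {""}
    outlook_mobile, native_mobile = set(), set()
    for row in csv.DictReader(io.StringIO(usage_csv)):
        upn = (row.get("User Principal Name") or "").strip().lower()
        if upn and _flag(row, "Outlook For Mobile"):
            outlook_mobile.add(upn)
        if upn and _flag(row, "Other For Mobile"):
            native_mobile.add(upn)
    mobile = outlook_mobile | native_mobile
    return {
        # License assigned but no mobile mail activity: candidate to reclaim.
        "licensed_no_mobile": sorted(licensed - mobile),
        # Mobile mail activity from an account outside the MAM group: policy gap.
        "mobile_not_in_group": sorted(mobile - licensed),
        # Mail read in a non-Outlook mobile client, outside the MAM-protected apps.
        "native_client": sorted(native_mobile),
    }
```

Accounts are compared case-insensitively because the two exports do not always agree on capitalization.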
