As you will know by now, Microsoft Intune is being introduced across the University’s services for all staff, starting with DS personal devices.

It is expected that most staff who have a non-University managed device will be interacting in some way with Microsoft Intune, and to access University resources, you will need to conform to the access policies managed by Intune.

Intune is designed to run in the background and, once configured, should not impact your daily activities. There will be some restrictions on saving data onto personal devices and keeping devices up to date, but these guidelines should already be followed based on the current DT policies.

Intune is a cloud-based enterprise mobility management (EMM) service that helps enable you to be productive while keeping university data protected. The following guide (also linked from the announcement email) will help you pick the appropriate method for your device and profile.

• Intune ensures the University complies with the requirements of Cyber Essentials to maintain and audit access to university services.
• Certified cyber security is a key requirement for our on-going partnerships with external organisations, especially military and government departments.
• Cyber essentials help the university to guard against the most common cyber threats and demonstrates a commitment to cyber security.

Cyber essentials certification is only for staff accessing systems, students are not currently included within the scope.

DT have configured the Intune service within our Microsoft 365 tenant. This is a Mobile Device Management (MDM) and Mobile Application Management (MAM) service specifically designed to protect an organisation’s data from cyber threats.

Policies are configured that check for device compliance. These policies are in-line with the recommendations by the National Cyber Security Centre and Cyber Essentials. For example, policies will include:

• Devices must be on a current and support operating system. This means that they are receiving security updates and patches from the vendor.
• Devices must not have been tampered with, which is referred to as “jailbroken”.
• Applications must be kept up-to-date and any data within the application must not be allowed to be saved onto a personal device outside of the application.

The rollout of Microsoft Intune will be in phases across the organisation; the first rollout planned over the coming weeks will focus on Digital services staff, who are using non-University managed devices to access the network, such as personal phones or laptops.

In the new year we will test additional groups from key services across the organisation before rolling out to the wider University. To aid with the wider rollout we anticipate, based on user feedback, that Digital Services will provide additional support via help videos, roadshows, and pop-up support.

In addition to the above rollout, Digital Services staff will be adding the same protection to corporate devices, PCs, laptops, and Macs.

This is all required before the end of May 2024.

Within App protected devices, the University can only see information about the asset, such as Model, operating system and the protected application, whereas in Full device management, the University can see more detailed asset information alongside what work applications are being managed, such as Outlook or Word.

We will never see personal information such as files, communication logs or passwords, for a full list of what data is captured please see the How to Guide.

We are rolling Intune out first to Digital services to gather feedback, which will help inform our future roll out and have devised a form that shouldn’t take more than a few minutes to complete. We would really appreciate your thoughts and support with this.

Related Knowledge Centre guidance