Mobile Device Setup
Why manage mobile devices?
UMSOM must be sensitive to the data that is held within the organization. In response to Federal, State, and Local laws, we must manage all data that is held on mobile devices. Your whole device can be managed via Microsoft Intune or just the applications themselves through mobile application management policies.
UMSOM Information Services does NOT have the ability to see text messages, passwords, location data, web browsing history, pictures, or any other personal data associated with your mobile device.
What are managed applications?
Managed applications allow the UMSOM IT staff to manage how data can be accessed on a device. By default, data saved inside a managed application like Outlook cannot be moved into a non-managed app (like Photos or Documents). This keeps UMSOM data containerized and allows IT staff to remove this data if the need ever arises (if your device is lost, stolen, or status with the university changes).
Applications currently managed by UMSOM:
Microsoft Authenticator, Azure Information Protection, Microsoft Edge, Microsoft Remote Desktop, Microsoft Stream, Microsoft To Do, Microsoft Outlook, Word, Excel, PowerPoint, OneDrive, Teams, Skype for Business, Groups, Yammer, PowerBI, OneNote, Planner, and SharePoint.
Please note, these are the only applications approved to access UMSOM data via your mobile device on both the iOS and Android platforms. Exception: Apple Native mail application on an Intune enrolled device.
Microsoft Intune is a service that manages your device via the "Intune Company Portal" application for iOS and Android. The primary advantage of using Microsoft Intune is that you’ll be able to use the native mail application app on your device with your UMSOM email (Apple devices only). This will provide a seamless experience if you desire to have your personal and work email under one familiar app. Intune enrollment also eliminates the PIN\Fingerprint requirement for opening managed Microsoft applications.
Advantages of Intune:
- Native Email Access (Apple devices only)
- No PIN/Fingerprint requirement when switching between apps
- Device can be completely wiped in the event of a theft or loss with written approval from student/staff/faculty
Mobile Application Management (MAM)
MAM is a new way to manage UMSOM data on mobile devices. Unlike Intune, it doesn’t require device enrollment, only a broker app to be installed and registered to manage policy for all the apps. On devices that are not configured with a device PIN/Passcode, managed applications will lock every 12 hours requiring a PIN/Fingerprint to unlock. Native email is NOT available, and the only way to view UMSOM email is via the Outlook app for iOS\Android.
Microsoft Authenticator App must be installed prior to setting up Outlook app. User will be prompted to do so if not already done when configuring Outlook.
Intune Company Portal app must be installed before setting up Outlook. User will be prompted to do so during configuration. Please note, this application is only used to manage policy on your device. Sign in is not required to the Company Portal app.