In order to protect Rutgers' data on mobile devices, mobile devices that are linked with Rutgers Connect are required to have a Mobile Management Policy installed. There are two different policies for Rutgers users, one for those who work with Protected Health Information (PHI) data and one for everyone else.
Users who work with PHI can find the details of that polcy here: https://oit.rutgers.edu/connect/using/mdm-policy-rbhs
Users who do not work with PHI have a much less stringent policy that is detailed here: https://oit.rutgers.edu/connect/using/mdm-policy
In order to implment these policies, the Microsoft InTune software must be installed on your device. When installing the software, the device will ask you to agree to all the functions the software can perform. This list includes the list of features that the full version of Microsoft InTune can perform. Rutgers Connect is not capable of utilizing most of these features. The only thing that Office 365 is set to do for non-PHI users is require some type of lock on the device (pin/swipe/fingerprint/etc), ensure the device is not jailbroken/rooted and remote wipe the device. (Device wipes will only be performed at the user's request).
Users handling PHI have the additional protections specified at the page linked above. Most users in SAS do not work with PHI and will only be required to agree to the less stringent management policy.
The version of the management software that is included in our Office 365 license isn't the full InTune package, it's a stripped down package that doesn't have all of the capabilities of the full version. However, there is no stripped down version of the client so you're seeing all the capabilities that the client has, even though Office 365 doesn't have those capabilities. In short, even if someone decided to violate policy and tried to use this tool to, for example, to pull data off of your phone, they can't. The software we're using doesn't have the capability.
Here's a link to everything that Office 365 is capable of:
You'll notice that this list does not include things like adding or removing apps or accessing your data. The only capabilities are those that would allow for the protection of institutional data from being available should the device be lost or stolen.
If you still do not want to agree to the management policy, you can still access your Rutgers Connect data by using your mobile device's web browser to access http://connect.rutgers.edu.
Why a Mobile Management Policy is Important
The mobile management policy for Protected Health Information (PHI) users is mandated by law. Anyone dealing with PHI must have the mobile management policy. For users who do not work with PHI, only the minimum protections are put in place. Having a password on any device that contains Rutgers data is Rutgers policy in addition to being a common sense security practice. Without a password/pin on your device, anyone can simply pick it up and access all of the information on the device.
The ability to wipe the phone is necessary because the device is not being encrypted and PINs can be broken. Mobile devices can contain an enormous amount of data in addition to having saved passwords so they can continue to access any new information. If the person who finds the phone guesses the PIN or they connect the device to a computer, the infromation on an unencrypted device can still be downloaded. Having the ability to remote wipe the device allowed all the data (yours and Rutgers') to be protected. This feature will only be used if the user notifies IT support that their device has been lost and needs to be wiped and, if the device is setup properly, all the data on the device should still reside on the servers or in the providers cloud server so it can be restored.
Maintenance of Offsite and Personally Owned IT Equipment
Policy Statement: This policy outlines the standards for maintenance and support of university owned equipment that is portable or removed from university property and for personal equipment that is used for university business...
Network drive space is a resource provided for the sole purpose of storing current work-related data. All employees are responsible for managing their own space, which includes deleting non-essential or old files to keep space utilization at a minimum. Personal files, such as music, photos or video clips are not to be stored on network drives.
Many of these inappropriate file types can be identified by such extensions as: mp3, avi, exe, dll, jpg, mpg, wav, wmv, gif, bmp and sys. There are more, but these are the most common. While these are deemed inappropriate for personal storage, they are considered acceptable if they are used for department-related work such as the design of web pages, presentations and documentation.
Our initial space allocation on the SAS Novell servers is 100MB in each user’s home directory (H:\ drive). Disk space on this drive is to be used to store your work-related information (word processing documents, Excel spreadsheets or presentations) that is personal in nature, such as performance appraisals. In addition, many users also have an L:\ drive, used to store html and graphic files for use in publishing a web page. Only web-related materials should be stored here. Note that the amount of space you have on your H: \ drive is shared with the L:\ drive. For the vast majority of users, 100MB is sufficient, but upon receipt of a request, the drive space will be reviewed for compliance with the data storage policy and additional space may be allocated based upon need and availability of resources.
Users should, on a regular basis, review the contents of their drives and delete any files that are unnecessary or do not comply with the policy. Another misuse of your personal storage space is using it as a backup for your personal computer. An external hard drive should be used for this purpose. For detailed instruction on how to clean up your home directory, please review theViewing Files in Windows Explorer documentation.
The workgroup drive (W:\ drive) is departmental space for sharing work-related files with multiple users or space for individuals to store their work-related documents. We encourage departmental administrators to use this space to store data even if they are the only ones with access. If you need to have a directory created on the W: drive, submit a confidential REQUEST and provide the name of the directory you would like created, the list of users who should have access to that directory, and the type of access they should have (read or read\write). Documents that are being worked on by several individuals should be stored in the W: drive rather than being emailed back and forth. Not only is this method more efficient, it helps to save resources on the mail server. The W: drive can be accessed using several methods:
- NetStorage - allows faculty and staff to securely access their network drives anywhere on campus or at home, using only a web browser. For detailed instructions on how to connect to your network drives through NetStorage, please go to Netstorage documentation and review the NetStorage documentation.
- NetDrive -drive mapping utility which allows you to access your network drives. For detailed instructions on how to connect to your network drives through NetDrive, please review the NetDrive documentation.
- VPN and Novell Client -uses the internet to provide remote access to network data with the use of the Cisco VPN and Novell Clients. For detailed instructions on how to connect to your network drives using VPN and the Novell Client, please review the Accessing Network drives through VPN Client documentation.
The initial space allocation on the SAS e-mail servers is 100MB per user. As with home directories, additional space will be granted upon request; however, the same policy applies to email as it does to personal space. It is the responsibility of the user to maintain their mailbox by deleting non-essential emails and attachments in an effort to conserve space. For detailed instruction on how to clean up your mailbox, please review theCleaning up Thunderbird and Zimbra Mailbox documentation.
The system administrators periodically run scripts to identify files on the server that appear to fall outside of our usage guidelines. Any users flagged by that software will be contacted by system administrators to make a final determination regarding the appropriateness of the data being stored.
School of Arts & Sciences (SAS) Information Technology Procurement and Inventory Policy
Policy Statement: This policy outlines the terms for the proper inventory of IT purchases including the reimbursement procedure when purchases are made with non-Rutgers funds.
As The State University of New Jersey, Rutgers has taken steps to manage and preserve the integrity of the Rutgers name.
The creation of the new Rutgers visual identity system has been a complex and broadly consultative project to create instantly recognizable visual identities for all Rutgers communications.