HKUST ITSO AI Chatbot

Important reminder

Please do not disclose personal data such as your HKUST account number, staff/student ID or name in the chatbot. Information provided will be retained to enhance system performance.

By using the HKUST ITSO Chat service, you confirm that you have read, understood, and agreed to the Disclaimer

Log in to access additional information for your user group in addition to the publicly accessible content.

Send Icon
Device Classification Security Requirements and Protection

To maintain a secure environment, devices accessing the network are classified based on ownership and management status. Different security requirements apply to each device category to protect university resources and data effectively. This page outlines the classification and corresponding security standards for Microsoft Intune managed corporate and personal devices.

Device Classification

  Corporate device Personal device used for university work Personal device not used for university work
Ownership University property Personal property
Data access Work related, such as University documents, sensitive data, research findings, emails Personal related only

 

Security Requirements and Protection

Corporate device
  • Minimum Security Standard for Endpoints: A minimum set of tasks and controls must be implemented to achieve the appropriate level of protection based on the risk classification of the device.
  • Enrollment in Microsoft Intune: All corporate devices must be enrolled in Microsoft Intune, which enables centralized management and enforcement of security policies.
  • Compliance Enforcement: Intune ensures that devices meet university-defined compliance standards, such as requiring disk encryption, password complexity, and automatic updates.
  • Security Baselines: Devices are configured with standardized security settings aligned with best practices, reducing the risk of misconfiguration.
  • Remote Wipe Capability: In case of loss or theft, the device can be remotely wiped to prevent unauthorized access to sensitive university data.
Personal device used for university work
  • Installation of Microsoft Defender for Endpoint (MDE): These devices must have MDE installed to provide enterprise-grade Endpoint Detection and Response (EDR).
  • Threat Detection and Response: MDE continuously monitors for suspicious activity, malware, and vulnerabilities, and provides alerts and remediation guidance.

Personal device not used for university work

We have the following recommendations:

  • Regularly update your operating system and applications to protect against vulnerabilities.
  • Install reputable antivirus software and keep it updated to safeguard against malware.
  • Ensure your device's firewall is enabled to monitor network traffic.
Learn More

 

Support

General Enquiries cchelp@ust.hk
Suggestions & Complaints cclisten@ust.hk
Serviceline +852-2358-6200