• Minimum Security Standard for Endpoints: A minimum set of tasks and controls must be implemented to achieve the appropriate level of protection based on the risk classification of the device.
• Enrollment in Microsoft Intune: All corporate devices must be enrolled in Microsoft Intune, which enables centralized management and enforcement of security policies.
• Compliance Enforcement: Intune ensures that devices meet university-defined compliance standards, such as requiring disk encryption, password complexity, and automatic updates.
• Security Baselines: Devices are configured with standardized security settings aligned with best practices, reducing the risk of misconfiguration.
• Remote Wipe Capability: In case of loss or theft, the device can be remotely wiped to prevent unauthorized access to sensitive university data.

• Installation of Microsoft Defender for Endpoint (MDE): These devices must have MDE installed to provide enterprise-grade Endpoint Detection and Response (EDR).
• Threat Detection and Response: MDE continuously monitors for suspicious activity, malware, and vulnerabilities, and provides alerts and remediation guidance.

Personal device not used for university work

We have the following recommendations:

• Regularly update your operating system and applications to protect against vulnerabilities.
• Install reputable antivirus software and keep it updated to safeguard against malware.
• Ensure your device's firewall is enabled to monitor network traffic.