BRING YOUR OWN DEVICE (BYOD) - FAQ

BYOD Frequently Asked Questions (FAQ)

If the following FAQ does not address your questions about this change, please contact the UTMB Office of Information Security (security@utmb.edu or 409-772-3838).

  1. WHY? (Controls? ...Intune? ...Now?)
    • Controls – The controls have been part of policy.  UTMB Security Practice Standards 1.4 Portable Computing (created Jan. 1, 2008) and 5.1 Platform & Application Hardening (created Sept. 3, 2002) require computers (UTMB and personally owned) to be securely configured to access UTMB networks and data.  The updated BYOD process just confirms secure configuration prior to allowing access to UTMB resources.
    • Intune – Intune is a component of UTMB’s Microsoft licensed management and security tools.  Intune adds a small application to enrolled systems to allow them to respond to configuration checks (and eventually to request applications from a UTMB app store).
    • Now – Intune has been undergoing extensive configuration development and testing to ensure that the controls are effective and minimally invasive.  Pilot group testing has been completed and practices for ongoing controls development have been generated and approved via UTMB management.

  2. What classes of mobile devices are included?
    In this phase of the roll-out, only iOS-based and Android devices (tablets, smartphones, etc.) are included; however, additional development and configurations are progressing to include Windows-based laptops and other device classes.

  3. Does Intune have access to my personal files?
    No, Intune will only monitor for compliant configuration settings and allow access to UTMB resources, as appropriate.  No access to personal data/files is established and only limited device information (Model, MAC Address, OS version, etc.) is collected and maintained by Intune.

  4. Does Intune track my location or activity?
    No, location services, call logs, etc. are maintained as personal settings or are controlled via personal applications.  Intune does not have access to personal device settings or personal app settings.

  5. Can Intune WIPE (erase data and/or reset configuration) or PUSH apps/software/configuration changes to my personal device?
    No, the Personal Device profile used by Intune does not allow wiping or “factory settings reset” on personal devices.  If/when changes to device settings are required to establish or maintain access to UTMB resources, or updates to apps loaded from the UTMB Store are required, enrolled devices/users will receive notices and guidance to make the changes; however, the device/user MUST INITIATE the change/update.

  6. Is Intune required for Duo multifactor authentication for remote work/access?
    No, Duo MFA device registration (to receive Duo push, passcode or phone call notifications for remote access via VPN/Citrix/etc.) is a completely separate process and does not require Intune enrollment. Please note: The system used to access UTMB resources via VPN/remote access will need to be enrolled in Intune to confirm compliance.

  7. Are there "productivity" options for users or personal devices that are not enrolled in Intune?
    Yes.  Devices not enrolled in Intune (or determined to not be security controls compliant by Intune) will still have access to the Citrix virtual desktop (Storefront) environment.  Please note: access to UTMB email via Outlook, webmail, POP/SMTP will be restricted to Intune enrolled/confirmed compliant devices.

  8. Can “jailbroken” or “rooted” devices enroll in Intune and be confirmed as compliant for accessing UTMB networks, resources and data?
    Jailbroken or rooted devices can enroll in Intune; however, they are NOT compliant and cannot be used to access UTMB networks, resources and data.

  9. When/how can users begin to enroll devices in Intune?
    Voluntary enrollment of personal devices in Intune can be done now by following the instructions for your device found below:

iPhone/iPad:
- If already present on the device, back up and remove the Microsoft Teams and Microsoft Authenticator apps.
- Navigate to Settings > General > VPN & Device Management > Sign In to Work or School Account
- Type your full UTMB e-mail address into the Work or School Account prompt.
- Complete UTMB log in prompt. This may require DUO Authentication.
- Sign in to iCloud prompt with UTMB password. This may require DUO Authentication.
- Complete the prompt to ‘Allow Remote Management’
- The device will now receive 3 new apps: UTMB Company Portal, Microsoft Authenticator, and Microsoft Teams.
- A prompt for installing apps may appear. These must be accepted.
- Open the Microsoft Teams app.
- Sign in with UTMB credentials.
- Once sign in is complete, the device is enrolled.

Android:
- Follow the instructions found here:




Where can we learn more about Intune?

If you have additional questions regarding Intune or the changes to UTMB’s BYOD practices, please see Microsoft’s Intune knowledgebase page (link below) or contact the Office of Information Security (Email: security@utmb.edu, Phone (voicemail): 409-772-3838).

What info can your organization see when you enroll your device? | Microsoft Learn