Skip to main content
IT Unconference

Mobile Device Management

Proposed by Bruce Vincent

Where will the conversation continue?
Email comments into IT Services and Information Security on suggested changes. Email list should be created
Notes

Solicited feedback on adoption, features, improvements, etc for MDM:
- Difficulty even knowing who has mobile devices. Users are able to register via SNSR and we cannot determine who is affiliated with different departments. Can we have at least department identifiers in the future? This would also allow groups to go back to those who were not registered through SNSR, as well.
- Recommend installing iStanford by default. (A future function will be an application delivery mechanism that will allow for this.)
- Many users are inquiring about common applications that may be pushed through MDM such as FindMyPhone.
- Some members shared that it would be good to be able to see what applications are installed on the phone. Other members greatly opposed this ability and shared it as a barrier to entry.
- Would like the ability to push critical updates and app updates.
- Language on the service pages is very vague and could lead users to a false sense of security. Be specific about what safeguards are in place and what it provides to the user. For example, documentation needs to be better about letting people know that they would need to actually turn on VPN and that it is not on by default – just configured.
- Some members believe that if it is a Stanford-owned device we should be able to dictate updates and functionality within the service.
- What will happen at the end of the year when the certificates expire next year? Going forward a mechanism will notify the user that the certificate will be updated and will not happen with user-interaction.
- What are your thoughts about delegated support at the department level for the service? Current model is based on a self-service model.
o Could be helpful as you move devices and apps between people.
- Discussion regarding “my device” vs “Stanford device”
o Should there be two different profiles?
- Are there other ways to determine if the system is a Stanford device without using NetDB?
- If I am an application owner is there a way I can tell if a device is managed as it accesses my system?
- What is ISO’s long-term plan about MDM? Today it is opt-in – what will ultimately happen?
o Stanford as an Institution will probably never give an edict.
o At the same time, the institution has real needs for balancing risk, policy and productivity/culture – we need to create opportunities for users and groups to take advantage of secure options.
o From a service provider point of view – we want to make whatever we build to be as flexible as possible to adapt to the user’s needs.
- How do you feel about Android and Windows Mobile – are they relevant or growing in your area?
o In the student residences, the iOS devices are growing. Not seeing as much growth in other handheld devices.
o One of the things that drives iOS this is what integrates with Zimbra. Android does not work as well with Zimbra. If Stanford goes to a different email/calendar platform that integrates better with other devices, we may see more on campus.
o Continue looking just at the major players instead of spinning your wheels on making the existing MDM work for everything.
- MDM – what brought you to this meeting? Do you like it? Not like it?
o What are the compelling reasons for users to actually adopt this?
o Better understanding of how to support users who are using MDM.
o To share feedback around language on service pages and how the service is presented.
o Have a link on ESS to the service.
o Profile should change the lock screen/desktop to show who to return device to should it get lost.
o