The objectives of AU's policy and rules for mobile devices are:
This applies to mobile devices provided by AU as well as private mobile devices used to access AU information, data and systems which are subject to access control and which must be protected according to the data classification.
All mobile devices belonging to AU must be registered as an information asset by the unit providing the device.
The primary user of a mobile device is responsible for the data on the device. On mobile devices without a primary user, the most recent user is responsible for removing data from the device after use. Users of the university's mobile devices are responsible for protecting the devices and the data processed on these devices.
Mobile devices must be removed, locked securely, kept under surveillance (e.g. carried in hand luggage on business trips) or in some other way secured against theft or misuse whenever an associated risk assessment so dictates.
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
Please see the AU Patch policy and Rules regarding information security
Aarhus University wants to ensure minimum levels of protection for mobile devices that can access AU IT infrastructure and AU data. This is part of overall efforts to protect employees against malicious cyber and information security incidents such as hacking attacks and loss of data.
The use of MDM ensures that Aarhus University complies with two mandatory technical minimum requirements defined in the national cyber and information security strategy for government agencies and institutions.
All employees who want to access AU’s Microsoft 365 and OneDrive solutions must comply with the AU MDM requirements. This is ensured by installing AU's MDM software on the mobile device, regardless of whether it is an AU or a private device.
AU MDM solutions must meet the following minimum requirements:
*CVE is an index from 0 to 10 indicating how critical a vulnerability is for the device. An index of more than 8 means high to critical. CVE is an abbreviation for Common Vulnerabilities and Exposures.
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
Regardless of whether the data is owned by AU, individuals or a third party, AU may freely dispose of its own devices. For example, AU may reset and delete user content on mobile phones, computers, network drives and various storage devices and media without prior user consent and without liability for losses in connection with the end of study or employment periods.
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
A mobile device is a small handheld device that has a touchscreen and/or a QWERTY keyboard, and which can function as a telephone. Examples include smartphones and tablets.
Mobile Device Management (MDM) is software that makes it possible for users to have any apps they want on their device while still allowing for AU's policies regarding university data to be enforced on the device. AU uses Intune for MDM.