We understand this new security process and initiative may leave a number of you with questions and/or concerns. Please review the list below to find answers to frequently asked questions.
Question 1 - Do I need to enroll in MDM?
Question 2 - What does the Duke Health Mobile Device Manager do, and why are we doing this?
The Duke Health Mobile Device Manager gives us the ability to enforce basic security controls, such as passcodes. It also allows us to maintain Duke data in a secure area on devices, so that we can delete just the Duke data and apps from the device if the device is lost or stolen.
A vast majority of you bring smart phones and/or tablets to our facilities each day. These devices are often connected to our secured wireless network, thus making them a potential threat to our systems. Just as our clinical care teams do whatever is necessary to protect the health and well-being of our patients, it is imperative that all staff, faculty and students do their part to protect the sensitive medical and financial information we collect as part of the continuum of care at Duke Health.
Question 3 - Who needs to adopt the Duke Health Mobile Device Manager?
Enrollment in the Duke Health MDM is required for the following groups:
- Anyone who carries a Duke-owned device; this includes smartphones and tablets.
- Anyone that receives a stipend for use of their own mobile device.
- And anyone that brings their device to work for personal use and accesses our secure wireless network for Duke email or any number of Duke IT resources such as Haiku or Canto.
Question 4 - What are my options if I decide not to register my device?
If you decide not to register with the Duke Health MDM please consider the following:
- You will not have access to Duke email or calendaring on your mobile device starting Jan 5, 2018.
- You will not have access to the secure Duke Health wireless network.
- Please Note: You will have access to the Duke Guest network, or the university’s DukeBlue or Eduroam networks on campus. These networks sit outside of the Duke Health firewall, this denying you access to Duke Health IT services.
Question 5 - What is the deadline for enrollment?
All staff, faculty and students accessing the secured network via a mobile device must enroll by December 31, 2017.
Question 6 - What can Duke see on my phone?
Question 7 - What should I do if my phone is lost or stolen with the AirWatch MBM program installed?
Take immediate action by visiting the Duke Health IT portal or calling the Duke Health IT Service Desk (919-684-2243).
In the meantime, majority of mobile devices sold today have a built-in security function that will wipe your device and restore the factory installed settings with 10 failed pin/passcode attempts. In addition, once reported Duke can remotely wipe the device, thus protecting Duke and you.
Question 8 - Can Duke wipe my phone?
At Duke, security of information is critical to our operations. In addition to the factory installed security functions, Duke will take the necessary steps to remotely erase Duke enterprise data from the device should your phone become lost or stolen. In addition, if your device is out of compliance with Duke Health policies, we will send the commands to wipte Duke enterprise data and settings from your device. Duke will not do a factory wipe that would affect your personal data.
What about wiping the device after incorrect passcode attempts?
Duke Health Mobile Device Manager enables a setting that fully factory wipes the device after 10 incorrect passcode unlock attempts. Due to the fact that this is an OS feature of iOS and Android, and all Duke Health Mobile Device Manager is doing is turning it on, it can’t differentiate between personal and Duke data - the only option we have available in enforcing this is to wipe all data from the device, taking it back to like-new settings. We strongly encourage you to keep your personal data backed up off-device should this or some other catastrophic event render the personal data on your device unrecoverable.
Please Note: The deployment of Duke Health Mobile Device Manager has brought this issue to light and its awareness is garnering some public discussion. This setting has been in place for all Duke Health users of Duke mail on mobile devices for 7+ years, and is not new.
Question 9 - I am a Duke Basic Sciences Researcher, do I have to enroll?
Yes, you will need to register your device if you use your personal device to access Duke IT resources (for example people who get Duke email on their devices).
Question 10 - My device is already enrolled in another MDM (AirWatch, Good, MobileIron, JAMF, etc.). Can I enroll in Duke Health Mobile Device Manager too?
No, your device can only be enrolled in one MDM system at a time, due to the exclusive nature of device rules and compliance requirements. You have to choose which institution's access is more imporant to you, and participate in that MDM. (We're exploring options around this. Check back here to see if anything changes.)
Question 11 - I'm about to replace my device. What do I need to do?
If your old device is still operational and in your posession, go here, log in, pick your device from the list at the top, and then select "Enterprise Wipe" (not Factory Wipe), and confirm this action. This will remove all Duke data and configurations from the device, and let the system know not to expect to hear from that device again. You can do this before or after you enroll your new device in the system.
Question 12 - My device is a little older and / or isn't sold anymore. Can I still enroll?
Yes, probably. As long as your device is running a recent-enough version of its operating system, then it can be enrolled and participate. Those minimums are:
- Android - v 9
- iOS - v 14
If you enroll a device running an OS version older than this, you'll receive an automated email informing you that you've enrolled a device with an older, unsupported OS, and then all Duke data and configurations will be wiped from your device. Duke Health requires these minimum OS versions in order to make sure that security vulnerabilities present in older versions of these operating systems have been patched and addressed.
Question 13 - How do I un-enroll my device?
Visit the Duke Health Portal: https://duke.service-now.com/ess/home.do
- Click the GetIT icon on the home screen
- Click Network Connectivity & Wireless > Duke Health Mobile Device Manager > Remove your device from DH Mobile Device Manager
- Click the magnifying glass. This will showcase all the mobile devices you have registered.
- Choose the mobile device you would like to un-enroll.
- Complete the process by clicking request now in the top right corner of the catalog.
Question 14 - What operating systems are required to be compliant and allow ability to enroll in MDM?
To un-enroll your device from the mobile device manager, please follow the instructions below or contact the Service Desk directly for assistance:
Current versions of each smartphone operating system (OS):
- Android – Android 10
- Apple – iOS 14
Common Service Desk Information resolutions
There is currently a non-Airwatch issue where users are asked to enter a password for “aces”. Please do not enter a password, this issue will resolve itself. If you continue to have connectivity issues, you can reboot your device. If this does not fix the problem, please contact the service desk team where they can remove your “aces” profile for your device and add it back.
answer goes here