This page will have information about the EPM Phase 3 project including definitions for key terms and FAQs.
Definitions & Terms
Below is an alphabetized list of frequently used terms and their definitions, along with an explanation of what each one looks like in our environment or what its implications are.
Term | Definition | What does that mean? |
|---|---|---|
Owner, device owner | The individual who owns the device or who is responsible for making decisions about the device. | For research labs, the PI is assumed to be owner for each device. The owner can delegate responsibilities (such as approving changes) at their discretion. |
Address, addressing a device | Done by CNS OIT in collaboration with the owner. Take actions so the device is capable of performing needed functions and is compliant with security policies. This includes collecting inventory information, making configuration changes to the device, and/or making configuration changes around the device. | Inventory identification will happen for every computer. Configuration changes to a computer may include enrollment in central management, adjusting administrative permissions, setting up data backups, installing OS and application updates, among other settings changes. Configuration changes around the computer may include removing it from the network, changing what network it’s connected to, or adding a hardware firewall. |
Enroll, enroll in management, enrollment in central management | Done by CNS OIT in collaboration with the owner. Install software that connects a computer to the centralized Endpoint Management (EPM) systems, then use the EPM systems to set up policies for regular installation of updates and enable security configurations. | See the FAQ “What will be different after my computer is enrolled?” for more details. |
Endpoint | Any device capable of connecting to the internet and accessing, storing, or sharing information. | Computers, tablets, smartphones, security cameras, and printers are all considered endpoints. In the context of this project, “endpoint” will most commonly be referring to a computer. |
Endpoint Management (EPM) | A set of tools used by IT to employ policies designed to protect access to University computers, data, and resources by securing computers and identifying the presence of specific security vulnerabilities. | Currently, we have EPM tools for computers (macOS, Windows, and Linux) and iPads. See the FAQ “What will be different after my computer is enrolled?” for more details. |
Inventory identification | Gather details about a computer that are used to identify the device and who is responsible for it, and to aid in support. | CNS OIT will gather details about the computer’s hardware from the device itself. We will talk to the owner and/or users of the device to find out information about how the device is used and by whom. See the FAQ section “Inventory Identification” for more details. |
UT-owned | Purchased using UT funds, including grants. Owned by the University of Texas at Austin. | For research labs that came to UT from another university: all devices that were originally purchased at a prior institution and brought to UT are UT-owned and are required to be transferred from the prior institution’s inventory to UT’s inventory. |
Personal, personally-owned | Purchased using personal funds that did not originate from a UT account. Belongs to the individual. | |
Used for University business | Any device that is used to store, process, access, or share data that is owned by the University or produced during and/or for the purpose of performing University duties. | Using a computer in these ways would make that computer used for University business:
Any UT work or UT resources being accessed as a student does not count (e.g. submitting your own coursework via Canvas). |
FAQs
Endpoint Management (EPM) & Enrollment in Central EPM
What will be different after my computer is enrolled?
admin access
logging in with EIDs
OS and applications updates (security)
screen saver lock
CNS IT will have an admin account
Remote access
What updates are done by management?
Do you have access to my data?
Some of it. CNS OIT has the access and technical ability to access data that is stored in these ways:
On the hard drive of a managed computer: Select members of CNS OIT staff can use our administrative account to access files saved within any user profile.
CrashPlan (Code42, UTBackup): Select members of CNS OIT staff have access to the administrator console.
UT Box: Only if CNS OIT is the owner of a shared folder, or has access to a departmental Box share.
File servers: Only if CNS OIT manages it.
CNS OIT does not have access to data stored in these locations; however, the administrators of these services do:
UTMail
Microsoft 365: Outlook (email and calendar), OneDrive, SharePoint, Teams
UT Box
All other UT-owned devices and services
Your data is your data, and the privacy and security of your data is a top priority. We do not access a person’s data unless requested to do so by the data owner or another authority.
Will you be monitoring or looking at my data?
No. CNS OIT does not look at or monitor the data anyone has on their computer. The only time we intentionally touch data on a computer is if we are assisting in data recovery or if we are legally required to do so, such as during a FOIA request. In these cases, CNS OIT does not open, look at, or review any files beyond verifying the data is not corrupted.
Inventory Identification
Why are you taking inventory details about my personal computer?
Why do you need to know how I use my computer?
There are 3 main reasons:
We configure management to minimize disruptions and avoid negative impacts to productivity while adhering to security requirements. The default management configurations are designed based on the average habits and needs of our users, but we evaluate every situation individually.
Troubleshooting is streamlined and a more targeted approach can be taken. We look for patterns based on how a computer is used, and deviations from those patterns help us identify the underlying problem.
UT is required by state law to identify what classification and types of data are stored on or accessed by a device. Knowing how a device is used helps answer this question.