Mobile Device Management
Mobile Device Management (MDM) enables the centralised, secure control and management of University owned mobile devices and University data.
The MDM solution used by Edinburgh Napier University is Intune.
All University owned mobile devices must be enrolled into Intune MDM for Cyber Essentials.
Please be aware:
- You do not need to enrol your University Managed Laptop into MDM, as this is already in place.
- It is not possible to enrol your personal device(s) into MDM.
What are the benefits of Mobile Device Management?
Is my device compliant with Intune MDM?
How do I enrol my device for Intune MDM?
What apps can I use once my device is enrolled for Intune MDM?
Why does the Company Portal app require access to my University-managed device’s location?
Where can I find further help?
The installation of Intune MDM:
- Ensures compliance with mandatory device security controls, effectively protecting the University’s data and you as a staff member.
- Enables you to securely access University email and data on University owned Mobile Devices.
- Provides peace of mind that University data is secure and that the device can be centrally wiped and disabled if lost or stolen.
- Encourages information security good practice by requiring a device password / 8 character passcode to be set on the device.
- Enables you to easily download and access University and departmental apps.
- Allows you to locate your allocated devices.
Before you attempt to enrol your University owned mobile device, you will need to ensure it's compliant with Intune MDM and Cyber Essentials.
The minimum accepted versions are:
Information about non-imaged University Windows devices and Intune MDM
It is currently not possible to enrol non Edinburgh Napier imaged Windows devices into Intune Mobile Device Management (MDM). This includes non-HP laptops, Windows tablets and any other device to which we are unable to apply the Edinburgh Napier image (our version of Windows that we install onto University computers instead of the standard version that comes with the computers from the manufacturer).
The majority of colleagues will be able to access University services using a standard University managed laptop or via Intune MDM on an Apple iPad or Android tablet, however there is a small percentage of colleagues that may require a non-imaged Windows device.
Information Services are currently investigating the development of a new service to enrol non-imaged Windows devices, in the meantime colleagues are advised to use an alternative device that can be imaged or enrolled in Intune (Apple iPad or Android tablet).
Before you enrol for Intune you must ensure you have Multi-Factor Authentication set up on a separate device - find out how
Existing University owned Android or Apple devices
Before you enrol for the MDM service you will need to wipe your University-owned mobile device. The procedure differs depending on whether you have an Android device, or an iOS device. You can do this by following the relevant instructions below:
Once the device has been wiped and restored to the factory settings you can follow the instructions below to enrol for MDM:
New University owned Android or Apple devices
If you have a new, out of the box University owned Android or Apple device, follow these instructions:
The apps that you can access depends on your role and which device you have, however there are a number of core apps that all Intune MDM users have access to download. These include but are not limited to:
- Microsoft 365 apps: Outlook, Teams, Word, Excel, PowerPoint etc.
- Edinburgh Napier app
- Adobe PDF reader
- MS Authenticator app for Multi-Factor Authentication
If you have an Android device you can download the apps from the Google Play Store on your device.
If you have an Apple device you can download the apps from the Intune Company Portal app which will have installed on your device when you enrolled for MDM.
Location information is collected periodically to enable the lost/stolen device feature in Intune and is used in the following ways:
- No device location information is sent to Intune until the device is marked as lost or stolen.
- When an administrator uses the locate device action, the latitude and longitude coordinates of the device can be retrieved.
- The data is stored for 24 hours, then removed. Administrators can't manually remove the location data.
- The data for last known locations is stored for up to seven days, and then removed.
- Location data is encrypted, both while stored and while being transmitted.
If you require further help or would like further information about the MDM service please contact the IS Service Desk in the first instance.
Page last updated: 16 September 2022