Mobile Device Management (MDM) FAQs for Faculty/Staff
Why am I prompted daily or multiple times a day for my password now that I have been migrated to Exchange Online?
Office 365 applications respect our Multi-Factor Authentication (MFA) service, which we enabled in 2019 to increase the security on your account. Multi-Factor Authentication is in place to prompt for your password once a day. Now that your mailbox has been migrated to Exchange Online, the MFA policy is in effect for your mobile phone, as well as other devices. Some mobile devices are more sensitive to MFA and may prompt you more often, for example, when you change networks. Mobile Device Management is the best solution to keep this from happening.
How can I stop getting prompted daily for my password when I try to check my email on my mobile phone? How do I get MDM?
We have a mobile device management (MDM) policy that will no longer prompt you daily and will provide the best experience on your mobile device, using Microsoft InTune Company Portal. For more information on how to get added to this policy, click here.
Is MDM a temporary solution?
MTSU has a responsibility to protect corporate data and is tasked by the administration and auditors to demonstrate due diligence in this area. MTSU also has a responsibility to protect the privacy of its employees by properly protecting their data. The only way to meet these responsibilities while providing access to personal devices, is by using Mobile Device Management to ensure minimum protection levels are applied on the device. This is the way for us to provide the best experience for you on your mobile device, therefore this solution is not temporary.
This is my personal device. Does MDM have the capability to spy on me?
We understand that many of you use your personal device for work, and therefore there
needs to be a certain amount of trust between the end user, the organization, and
the people responsible for managing the MDM platform. The companies involved understand
that privacy is very important, so there are limits in place to get the least amount
of control and information from your phone. Microsoft InTune MDM has different policies
for personal devices vs. Corporate devices. Here are some of the differences for personal
• Only the last 4 digits of a phone number are visible
• No app inventory is collected, except for the Company Portal app that is used to manage enrollment on the device
• The only data that can be removed from a device is corporate data from managed apps
• For a list of what InTune can and cannot see, click here
In addition to the information limits, we have a limited number of trusted and trained ITD administrators who can manage the sensitive and impactful elements of the MDM solution (e.g. able to configure policies, access inventory data, etc.)
MDM is offered to improve the user experience with your mobile email client. It is not required for you to receive your email, but you will be prompted every day if you choose not to use MDM.
Why do I have to agree that you can factory reset, remote lock, or remove the passcode on my phone?
Since InTune Company Portal MDM is designed for Corporate devices as well as personal devices, the agreement must cover the range of control and actions that could possibly be taken if that is part of your company policy. MTSU does not perform these kinds of actions without the permission/request of a user.
What can the MTSU Software Portal see/do on my phone?
MTSU Software Portal can NEVER see: Call and Web history, Location, Email and text
messages, Contacts, Passwords, Calendar, Camera roll.
MTSU Software Portal MAY see: Model, Serial number, Operating system, App names, Owner, Device name, Manufacturer, Phone number for corporate devices or last 4 digits for personal devices.
Why can’t we increase the time from 7 days?
When MFA was implemented in 2019, a decision was made to set the days before a device must re-authenticate to 1 day. Beginning in August 2020, the number of days was increased to 7 days. Since Mobile Device Management (MDM) is available to change this behavior, eliminating the need to re-authenticate, regardless of the number of days until they change their password, we believe this is the best solution for our users.
I do not want MDM anymore, how do I remove it?
If you decide that you no longer want to use MDM, simply deleting the Company Portal application will not remove you from the policy. Please contact the Help Desk or open a Footprints work order to request to be removed from MDM. Once this is processed, you will no longer be enrolled in MDM and you will return to being prompted daily on your device.