Mobile Device Management (MDM) FAQs for Faculty/Staff

Office 365 applications respect our Multi-Factor Authentication (MFA) service, which we enabled in 2019 to increase the security on your account. Multi-Factor Authentication is in place to prompt for your password once a day. Now that your mailbox has been migrated to Exchange Online, the MFA policy is in effect for your mobile phone, as well as other devices. Some mobile devices are more sensitive to MFA and may prompt you more often, for example, when you change networks. Mobile Device Management is the best solution to keep this from happening.

We have a mobile device management (MDM) policy that will no longer prompt you daily and will provide the best experience on your mobile device, using Microsoft InTune Company Portal. For more information on how to get added to this policy, click here.

MTSU has a responsibility to protect corporate data and is tasked by the administration and auditors to demonstrate due diligence in this area. MTSU also has a responsibility to protect the privacy of its employees by properly protecting their data. The only way to meet these responsibilities while providing access to personal devices, is by using Mobile Device Management to ensure minimum protection levels are applied on the device. This is the way for us to provide the best experience for you on your mobile device, therefore this solution is not temporary. 

We understand that many of you use your personal device for work, and therefore there needs to be a certain amount of trust between the end user, the organization, and the people responsible for managing the MDM platform. The companies involved understand that privacy is very important, so there are limits in place to get the least amount of control and information from your phone. Microsoft InTune MDM has different policies for personal devices vs. Corporate devices. Here are some of the differences for personal devices:
• Only the last 4 digits of a phone number are visible
• No app inventory is collected, except for the Company Portal app that is used to manage enrollment on the device
• The only data that can be removed from a device is corporate data from managed apps
• For a list of what InTune can and cannot see, click here

In addition to the information limits, we have a limited number of trusted and trained ITD administrators who can manage the sensitive and impactful elements of the MDM solution (e.g. able to configure policies, access inventory data, etc.)

MDM is offered to improve the user experience with your mobile email client. It is not required for you to receive your email, but you will be prompted every day if you choose not to use MDM.

Since InTune Company Portal MDM is designed for Corporate devices as well as personal devices, the agreement must cover the range of control and actions that could possibly be taken if that is part of your company policy. MTSU does not perform these kinds of actions without the permission/request of a user.

MTSU Software Portal can NEVER see: Call and Web history, Location, Email and text messages, Contacts, Passwords, Calendar, Camera roll.
MTSU Software Portal MAY see: Model, Serial number, Operating system, App names, Owner, Device name, Manufacturer, Phone number for corporate devices or last 4 digits for personal devices.

When MFA was implemented in 2019, a decision was made to set the days before a device must re-authenticate to 1 day. Since Mobile Device Management (MDM) is available to change this behavior, eliminating the need to re-authenticate, regardless of the number of days until they change their password, we believe this is the best solution for our users.

If you decide that you no longer want to use MDM, simply deleting the Company Portal application will not remove you from the policy. Please contact the Help Desk or open a Footprints work order to request to be removed from MDM. Once this is processed, you will no longer be enrolled in MDM and you will return to being prompted daily on your device.