USNH Endpoint Management Standards

Task: Provide information about current USNH Endpoint Management Standards

Outcome:

USNH Desktop Management & Business Application Support provides support for endpoints at USNH. Our team is responsible for life cycle management from procurement to end-of-life. Our technicians will assist you with selecting an endpoint from the USNH Standards list, place the order in UShopNH, accept delivery, configure for the USNH environment, schedule an appointment to deliver and set-up the new device.  At the time of delivery, end users must be prepared to return the replaced device. All equipment purchased with University funds, including grants, are USNH property and subject to USNH Policies concerning the Operation and Maintenance of Property. No personal funds shall be combined for the purchase of endpoints. 

Cybersecurity standards have been established to provide baseline configurations of endpoints and systems access requirements to mitigate risk to the individual, their data, and institution from cyber threats. This document provides links to established and approved endpoint management standards.

Standard Model Procurement:

Standard model bundles that include docking station, monitor, keyboard, and mouse, have been chosen to allow purchase-at-scale and increase USNH’s competitive buying power. Should you find the standard model bundle will not meet your needs, there is an exception to standard request process which requires a documented business need.  

Purchasing via UShopNH: 

To ensure that devices are properly configured, our technicians will place your order via UShopNH. At the time of purchase, you will need to provide FOAPAL information, proof of purchase approval (if approval to purchase is granted by your department/business unit), your financial contact and billing address, and your Principal Investigator name/contact information (if required).  

Security and Compliance: 

Our technicians will accept delivery. Your Windows device will be configured to authenticate using your USNH employee-specific ID (See: USNH Access Management standard) aka “USNH ITID”. The endpoint will be configured to use USNH-approved management software to meet security compliance controls established by the USNH office of the Chief Information Security Officer (CISO). Windows devices are enrolled in Active Directory and System Center Configuration Manager. Macs are enrolled in JAMF Pro. Both tools are enabled to enforce patch compliance, security baselines, and timely software upgrades of standard USNH software packages. 

Device Delivery: 

Desktop Management technicians will schedule an on-site appointment for endpoint delivery. You will be asked to sign into the device using your USNH ITID. Cloud storage solution will be configured for data backup at setup. Email, Wi-Fi, networked copiers, and user-specific, licensed software will be installed at setup. Incidental personal use is expected. However, end users are responsible for the backup of non-institutional data on institutional devices.  

Device Collection: 

The return of replaced/improperly functioning equipment, chargers, adapters, and peripherals are expected at the time of delivery of replaced device. Requests to retain replaced devices are evaluated on a case-by-case basis and must be supported by a documented business need. Retention results in a security risk to end users and the institution as well as a burden on our tech staff who are responsible to track legacy devices with un-patched security issues. Vendors classify older computing hardware as “legacy devices” and discontinue providing critical security patches. 

Replaced/improperly functioning machines become a technical burden for the user and technical staff for a multitude of reasons. When a device reaches the end of its usable life, it is not running optimally. The end user experiences the technical burden of navigating workarounds and the device’s eventual decline. As the device is utilized less frequently the data remains fully intact and unattended—not receiving critical patches which routinely updates during normal business use. Workforce constraints limit the ability to maintain multiple devices per end-user, tracking aged software vulnerabilities for older fleets, etc. 

Further reading:

Click for more information about the USNH Access Management standard.

Click for more information about the USNH Endpoint Management standard.

Click for more information about Technology/Cybersecurity Policies.

Need additional help?

Contact Cybersecurity
Contact Desktop Management

Please use this link to the ET&S Help Desk team to locate your local campus contact information.  Use the “Submit a Question” for your campus to enter an online support request.

 

 

Details

Article ID: 4182
Created
Tue 9/7/21 12:21 PM
Modified
Wed 7/13/22 4:58 PM
Applicable Institution(s):
Granite State College (GSC)
Keene State College (KSC)
Plymouth State University (PSU)
University of New Hampshire (UNH)
USNH System Office