Logo Utrecht University

Back

Endpoint Management: FAQ

  • EM: How and what

    • iOS – version 13 or higher
    • Android OS – version 9.0 or higher

    If you have a device with an older version of iOS or Android, you may need to request a new phone through your supervisor. Otherwise, it will no longer be possible to view UU data on your mobile device.

    • Your business files and emails are secured. Microsoft 365 business apps require a personal PIN to use the app. This PIN gives you access to your files and/or email messages. If you do not use your phone for 30 minutes, you must enter the PIN again.
    • Files within the Microsoft 365 apps are secured.
    • It is not possible to copy content (text) from and to private apps; only between business apps.
    • It is not possible to store business files outside OneDrive for Business or SharePoint. Saving files to your phone or other random (Cloud) location is not possible.
    • Stop bringing in mail in your current mail application and start using Outlook.

    For the installation of EM you need to authenticate yourself as a UU employee. This is done by means of 2FA – Two Factor Authentication (you can turn on 2FA on the website https://mysolisid.uu.nl). To make this possible you need an authenticator app, we recommend using Microsoft Authenticator.

    Data protection is based on Solis-ID/email address and not on device level. This means that as long as the Company Portal app is not installed on your device, the UU data on your device cannot be accessed.

    All iOS and Android mobile phones and tablets that you install or access anything from the UU on. Windows 10 is beyond the scope of EM. Working on your Windows 10 computer will not change.

    At this moment, only the Microsoft 365 apps are regarded as business apps. The other apps (such as Whatsapp or Signal) will not be included in the business container and will remain classified as private apps. Just as it is now (without the business container).

    Files, and text in files, that are present in the managed apps. Note that a file is not considered business data until it is stored in OneDrive, SharePoint or Teams (i.e. Word, Excel and PowerPoint files stored locally on the device are considered private files (until they are stored in OneDrive, SharePoint or Teams).

    That is correct, if you are not reading mail on your phone/Office apps to view UU data no action is required. If you want to use UU apps in the future, you can still go through the steps.

    No, unfortunately this is not possible. A business or private phone can only be managed by one organisation. This is a logical limitation. Enforcing policies by two organisations creates conflicts.

    EM security does not allow the use of a pattern anymore because the security level is too low.

    Fingerprint unlocking for apps within your Workbook has to be turned on separately for Android devices.

    How do I activate a fingerprint for work apps?

    • Go to settings/work profile
    • Go to “fingerprints” setting ” and register a fingerprint.

    • To use this option, a PIN code must be set for the working directory.
    • Press PIN code and enter a PIN code of at least 6 digits (can be the same as for screen lock).
    • Now register the fingerprint and if it is registered correctly, press Done.

    If everything went well you will now see the options PIN and Fingerprint under “Lock type work profile”.

    It is now possible to unlock work apps with a fingerprint.

    Yes, every 30 minutes. This means if you have not opened or viewed an application for 30 minutes you must log in again. Each time you open or are active in an application the 30 min. is extended.

    Per faculty/department, all employees are provided with security on their mobile devices. Should you not want to install Endpoint Management for any reason, it will no longer be possible to view UU data on your phone without this security.

    The 2FA security is currently not active on apps on your phone. You use your phone to log in on other devices (e.g. laptop) via 2FA.

    Yes, it is. A DPIA was performed prior to implementation.

  • EM Applications

    Yes, if you are already using Microsoft Outlook for your private email this will still be possible. Your private email will be visible as an extra mailbox in Microsoft Outlook. Using another mail app such as Apple Mail or Google Mail for your private email remains possible and is not blocked by UU.

    1. In Outlook, click on the logo found top left of the app to open the Outlook menu.

    OutlookiOS1

    2. Then click on the + icon to add an additional (private) account. Then click on Add email account.

    OutlookiOS2

    3. Enter the information for this account and click Add Account.

    OutlookiOS3

    4. The added account is visible in the left overview.

    OutlookiOS4

    1. In Outlook, click on the Microsoft Office logo.

    OutlookAD1

    2. Then click the + icon to add an additional (private) account

    3. Enter the details of this account and click Continue.

    OutlookAD3

    4. The added account is visible in the left overview.

    5. Open the account and determine which calendar items should be displayed.

    OutlookAD5

    6. Click on the calendar icon to view or edit the total overview of the calendar items. Each (private) account has its own color.

    No, this is not possible. In the Microsoft Outlook app, EM security has been applied. This is not the case in another mail app, such as the standard mail app from Apple or Google. This is why the use of Microsoft Outlook is enforced to be able to read your UU e-mail. This means that the UU mail cannot be accessed from the native email app.

    No, this is not possible. In the Microsoft Outlook app, EM security has been applied. This is not the case in another calendar app, such as the standard calendar app from Apple or Google. This is why the use of Microsoft Outlook is enforced to be able to read your UU calendar. This means that the UU calendar cannot be accessed using the native email app.

    To open webmail you need the Edge app. This is a secure app of the University. This is how we make sure you access your webmail through a secure connection. You do have to “log in” to the Edge app before opening the webmail.

    It is best to open the attachment with the Office app, that way you can also edit them directly. You’ll get a notification as soon as you open the attachment that you can open the message in the Office app (or that you need to download the Office app if you don’t already have it).

    This differs between a UU business device and a private device. It also differs by platform (iOS or Android). On an Android business device, work and private will be separated by containers (a private and a work container). The business apps are visible and usable from the work container while the private apps are usable from the private container.  There is a physical separation between work and private.

    On a business iOS device, the separation of work and private is not separated by these containers. The business apps are in between your private apps. The business apps are considered business and security will be applied to them. Your private apps are not affected. On a private phone (iOS or Android), only the business apps are protected. No settings or security policies are enforced on your private apps. This only happens on the UU apps.

    On an Android device the workbook is a separate window. The apps in it can only be accessed via that window. To get to this workbook you have to swipe up on the start screen so that you can get to your apps. In this window there are two tabs (accessible at the bottom), Personal and Work. To quickly access your work apps, you can also copy the app shortcut to your home screen by holding down the app icon for a longer time and dragging it to the home screen.

    In your Working directory, a number of mandatory apps are installed. These apps are automatically reinstalled if you manually uninstall them.

    No, it will still be possible to take screenshots of business data.
    The following apps will be managed by EM and thus form the business bubble (there will be more in the future);

    • Microsoft Authenticator (broker app* for iOS Private)
    • Company portal (broker app* for Android, and iOS business device )
    • Microsoft 365
    • Microsoft Outlook
    • Microsoft OneDrive
    • Microsoft PowerPoint
    • Microsoft Word
    • Microsoft Excel
    • Microsoft OneNote
    • Microsoft Teams
    • Microsoft Skype for Business
    • Microsoft Lens – PDF Scanner
    • Microsoft Stream
    • Microsoft Lists
    • Microsoft Visio Viewer
    • Microsoft Whiteboard
    • Microsoft Launcher
    • Microsoft Planner
    • Microsoft 365 Admin
    • Microsoft Azure Information Protection Viewer
    • Microsoft SharePoint
    • Microsoft Kaizala
    • Microsoft PowerApps
    • Microsoft To-Do
    • Microsoft Power Automate
    • Microsoft Power BI
    • Microsoft Yammer
    • Microsoft Bookings
    • Microsoft Dynamics CRM

    Also, for Android business, the apps Gallery (for photos) and Open Camera are automatically installed as part of the enrolment process. These can be used for business photos. No app pin is enforced for these apps, but data from the Gallery app cannot be shared outside the business bubble.

    On Android, it is best to use the Gallery app. It is automatically installed as part of the enrollment process.

    This depends on two things, the OS and whether you are using a UU or private device. On a business Android device there will be a physical separation between work and private (also called containers). The contacts in Microsoft Outlook will be synchronised with the contacts in the work container, not the contacts in the private container.

    On a business or private iOS device, the business contacts are visible in the standard contact list (native app). The contacts are not physically located within the contacts app. When calling or being called, the business contact is shown and not the phone number. Synchronising the business agenda from Microsoft Outlook is not possible. This is not (yet) supported by Microsoft at this time.

    In addition to a PIN, you can also choose biometrics (e.g. Face ID).

    This depends on the platform (iOS or Android) and business or private device. On a business Android device, there will be a physical separation between work and private (containers). The contacts in Microsoft Outlook (=business app) are synchronised by default with the contacts from the work container, not with the private container. It is possible to set up a manual synchronisation between your private contacts (and private calendar) and Microsoft 365. So there are possibilities to set up synchronisation between work and private. On a business iOS device the contacts are synchronised (with the native contact list).

    If you install Outlook – it will again include your contacts.

    Notes you can check in Webmail when you log in with your UU account. You will see in the web window the heading NOTES. This is where the notes from your IOS should be synchronized. Below is a screenshot of where you find notes in your webmail.

    If you have a UU device you must use Edge as your internet browser. With a private device you can decide which browser you want to use. This is because you cannot download everything outside of the bubble. Also an internet link sent through the UU-mail will not open outside your bubble.

    You can use either the Microsoft 365 (Office) app or the separate apps. The preference is to use the Microsoft 365 app. You can open and edit all the different document types in it, including PDF.

    With the stand-alone apps, it is important that you first open the Microsoft 365 app and log in with your UU account. From then on you can open all files from your mail or Teams. This only applies to private devices. For UU devices, the apps that need to be used are pushed to the device.

    This differs between a UU business device or a private device. It also differs by platform (iOS or Android). On an Android business device, work and private will be separated by containers (a private and a work container). The business apps are visible and usable from the work container while the private apps are usable and from the private container. There is a physical separation between work and private.

    NOTICE. After installation on an Android device, there are two tabs visible on your phone: Personal and Work. On some devices these tabs are on the home screen, on other devices they are in the app menu.

     On a business iOS device, the separation between work and personal is not separated by these containers.  The business apps are in between your private apps. The business apps are considered business, and this is where security will be applied. Your private apps will not be affected. On a private phone (iOS or Android), only the business apps will be secured. No settings or security policies will be enforced on your private apps. This will only happen on the UU apps.

    EM only manages the UU secured apps and does nothing with the SIM card or the 06 number. Using 1 or 2 sim cards does not affect the UU secured or the private apps one uses.

    You can have 2 accounts for WhatsApp on 1 phone, for the second 06 number download the WhatsApp business app. WhatsApp cannot be installed in the work folder (Android).

Last modified: 22/08/2024

Back
Feedback
Was this manual helpful? Please help us improve our manuals by providing feedback!
Sending