Logo Utrecht University


SCEM (Solis Cloud Endpoint Manager): FAQ

  • SCEM: How and what

    • Your business files and emails are secured. Microsofts Office 365 business apps require a personal PIN to use the app. This PIN gives you access to your files and/or email messages. If you do not use your phone for 30 minutes, you must enter the PIN again.
    • Files within the Office365 apps are secured.
    • It is not possible to copy content (text) from and to private apps; only between business apps.
    • It is not possible to store business files outside OneDrive for Business or SharePoint. Saving files to your phone or other random (Cloud) location is not possible.

    For the installation of SCEM you need to authenticate yourself as a UU employee. This is done by means of 2FA – Two Factor Authentication (you can turn on 2FA on the website https://mysolisid.uu.nl). To make this possible you need an authenticator app, we recommend using Microsoft Authenticator.

    Data protection is based on Solis-ID/email address and not on device level. This means that as long as the Company Portal app is not installed on your device, the UU data on your device cannot be accessed.

    All iOS and Android mobile phones and tablets that you install or access anything from the UU on. Windows 10 is beyond the scope of SCEM. Working on your Windows 10 computer will not change.

    At this moment, only the Office 365 apps are regarded as business apps. The other apps (such as Whatsapp or Signal) will not be included in the business container and will remain classified as private apps. Just as it is now (without the business container).

    Files, and text in files, that are present in the managed apps. Note that a file is not considered business data until it is stored in OneDrive, SharePoint or Teams (i.e. Word, Excel and PowerPoint files stored locally on the device are considered private files (until they are stored in OneDrive, SharePoint or Teams).

    That is correct, if you are not reading mail on your phone/Office apps to view UU data no action is required. If you want to use UU apps in the future, you can still go through the steps.

    No, unfortunately this is not possible. A business or private phone can only be managed by one organisation. This is a logical limitation. Enforcing policies by two organisations creates conflicts.

    SCEM security does not allow the use of a pattern anymore because the security level is too low.

    Fingerprint unlocking for apps within your Workbook has to be turned on separately for Android devices.

    How do I activate a fingerprint for work apps?

    • Go to settings/work profile
    • Go to “fingerprints” setting ” and register a fingerprint.

    • To use this option, a PIN code must be set for the working directory.
    • Press PIN code and enter a PIN code of at least 6 digits (can be the same as for screen lock).
    • Now register the fingerprint and if it is registered correctly, press Done.

    If everything went well you will now see the options PIN and Fingerprint under “Lock type work profile”.

    It is now possible to unlock work apps with a fingerprint.

    Yes, every 30 minutes. This means if you have not opened or viewed an application for 30 minutes you must log in again. Each time you open or are active in an application the 30 min. is extended.

    Per faculty/service, all employees are provided with security on their mobile devices. If you want to switch to a different date due to personal or technical circumstances, please submit a call to the Servicedesk. As of September 1st, it is no longer possible to view UU data on your phone without security.

    This is not desired, but only possible by submitting a call to the Servicedesk. The migration takes place per faculty/service. As of September 1st, it is no longer possible to view UU data on your phone without security.

    The 2FA security is currently not active on apps on your phone. You use your phone to log in on other devices (e.g. laptop) via 2FA.

    Yes, it is. A DPIA was performed prior to implementation.

  • SCEM Applications

    Yes, if you are already using Microsoft Outlook for your private email this will still be possible. Your private email will be visible as an extra mailbox in Microsoft Outlook. Using another mail app such as Apple Mail or Google Mail for your private email remains possible and is not blocked by UU.

    No, this is not possible. In the Microsoft Outlook app, SCEM security has been applied. This is not the case in another mail app, such as the standard mail app from Apple or Google. This is why the use of Microsoft Outlook is enforced to be able to read your UU e-mail. This means that the UU mail cannot be accessed from the native email app.

    No, this is not possible. In the Microsoft Outlook app, SCEM security has been applied. This is not the case in another calendar app, such as the standard calendar app from Apple or Google. This is why the use of Microsoft Outlook is enforced to be able to read your UU calendar. This means that the UU calendar cannot be accessed using the native email app.

    To open webmail you need the Edge app. This is a secure app of the University. This is how we make sure you access your webmail through a secure connection. You do have to “log in” to the Edge app before opening the webmail.

    This differs between a UU business device and a private device. It also differs by platform (iOS or Android). On an Android business device, work and private will be separated by containers (a private and a work container). The business apps are visible and usable from the work container while the private apps are usable from the private container.  There is a physical separation between work and private.

    On a business iOS device, the separation of work and private is not separated by these containers. The business apps are in between your private apps. The business apps are considered business and security will be applied to them. Your private apps are not affected. On a private phone (iOS or Android), only the business apps are protected. No settings or security policies are enforced on your private apps. This only happens on the UU apps.

    On an Android device the workbook is a separate window. The apps in it can only be accessed via that window. To get to this workbook you have to swipe up on the start screen so that you can get to your apps. In this window there are two tabs (accessible at the bottom), Personal and Work. To quickly access your work apps, you can also copy the app shortcut to your home screen by holding down the app icon for a longer time and dragging it to the home screen.

    In your Working directory, a number of mandatory apps are installed. These apps are automatically reinstalled if you manually uninstall them.

    No, it will still be possible to take screenshots of business data.
    The following apps will be managed by SCEM and thus form the business bubble (there will be more in the future);

    • Outlook
    • Word
    • Excel
    • PowerPoint
    • Teams
    • Edge
    • OneDrive
    • SharePoint
    • OneNote
    • Adobe
    • Company portal (broker app* for Android and iOS business)
    • Microsoft Authenticator (broker app* for iOS Private)

    Also, for Android business, the apps Gallery (for photos) and Open Camera are automatically installed as part of the enrolment process. These can be used for business photos. No app pin is enforced for these apps, but data from the Gallery app cannot be shared outside the business bubble.

    This depends on two things, the OS and whether you are using a UU or private device. On a business Android device there will be a physical separation between work and private (also called containers). The contacts in Microsoft Outlook will be synchronised with the contacts in the work container, not the contacts in the private container.

    On a business or private iOS device, the business contacts are visible in the standard contact list (native app). The contacts are not physically located within the contacts app. When calling or being called, the business contact is shown and not the phone number. Synchronising the business agenda from Microsoft Outlook is not possible. This is not (yet) supported by Microsoft at this time.

    In addition to a PIN, you can also choose biometrics (e.g. Face ID).

    This depends on the platform (iOS or Android) and business or private device. On a business Android device, there will be a physical separation between work and private (containers). The contacts in Microsoft Outlook (=business app) are synchronised by default with the contacts from the work container, not with the private container. It is possible to set up a manual synchronisation between your private contacts (and private calendar) and Office365. So there are possibilities to set up synchronisation between work and private. On a business iOS device the contacts are synchronised (with the native contact list).

    If you have a UU device you must use Edge as your internet browser. With a private device you can decide which browser you want to use. This is because you cannot download everything outside of the bubble. Also an internet link sent through the UU-mail will not open outside your bubble.

    You can no longer use the Office Suite. Utrecht University supports the separate Office apps (Word, Excel, PowerPoint etc.). It is important that when you first use them, you first open the Office app and log in with your UU account. From then on you can open all files from your mail or Teams. This only applies to private devices. For UU devices, the apps that need to be used are pushed to the device.

    SCEM only manages the UU secured apps and does nothing with the SIM card or the 06 number. Using 1 or 2 sim cards does not affect the UU secured or the private apps one uses.

    You can have 2 accounts for WhatsApp on 1 phone, for the second 06 number download the WhatsApp business app. WhatsApp cannot be installed in the work folder (Android).

Last modified: 17/06/2022

Was this manual helpful? Please help us improve our manuals by providing feedback!