Summary
This article provides frequently asked questions and answers regarding managed endpoints, endpoint protection, and replacing managed computers at USNH.
As cyberattacks have become more prevalent and advanced, USNH is taking steps to improve the protection of university-owned endpoints – the computers, laptops, and other devices that connect to USNH networks, to the internet on campus, or to USNH resources online. Endpoint Protection is the name that covers several tools and strategies in use at USNH.
Questions
Endpoint Protection
Q1 - What are Endpoints?
Q2 - What is Endpoint Protection?
Q3 - What is Endpoint Detection and Response (EDR)?
Q4 - What is Data Loss Prevention (DLP)?
Q5 - Why do we need Endpoint Protection?
Software on Managed Endpoints
Q6 - What software is available for installation on my managed computer?
Q7 - What if I need software that isn’t listed in the software management app on my computer?
Q8 - How do I request that a software application be added to the software management app so it’s available for installation on managed computers?
Q9 - What if I need local administration rights on my computer to effectively do my job?
Repair or Replacement of Managed Endpoints
Q10 - What do I do if my managed computer stops working or needs to be repaired?
Q11 - What do I do if my managed computer needs to be replaced because it’s broken or is too old?
Q12 - What happens to my old computer if I get a new managed endpoint?
Answers
Endpoint Protection
A1 - What are Endpoints?
Endpoints are the university-owned computers, laptops, and other devices that connect to USNH networks, to the internet on campus, or to USNH resources online.
Back to Questions
A2 - What is Endpoint Protection?
Endpoint protection is the practice of securing endpoints (such as desktops and laptops) from being exploited by malicious actors and campaigns. Enterprise Technology & Services (ET&S) is implementing improved endpoint protection through two technology solutions – Endpoint Detection and Response (EDR) and Data Loss Prevention (DLP) – that will help USNH mitigate cyber threats and maintain the security, integrity, and availability of the university’s information systems.
Back to Questions
A3 - What is Endpoint Detection and Response (EDR)?
Endpoint Detection and Response (EDR) is a cybersecurity solution that continuously monitors and responds to potential security vulnerabilities on endpoints. It provides real-time detection and response capabilities to identify and mitigate security incidents and to identify vulnerabilities that put a computer and the data stored on it at risk. It can identify both known cyber threats and can identify behaviors that are likely to be a new cyber threat.
Back to Questions
A4 - What is Data Loss Prevention (DLP)?
Data Loss Prevention (DLP) is a security strategy that helps organizations prevent the unauthorized disclosure of sensitive data by monitoring, detecting, and preventing data breaches. DLP solutions can identify, track, and control the flow of sensitive data (for example, social security or credit card numbers) within an organization.
Back to Questions
A5 - Why do we need Endpoint Protection?
Cyberthreats are pervasive and real. Parties with malicious intent are using increasingly advanced and automated cyberattacks. The university’s network and computers are under constant attack by organized criminals, nation-state entities, hackers, and anarchic or activist groups with goals of financial gain, espionage, and theft of intellectual property, or to promote their sociopolitical goals.
The University System of New Hampshire must protect intellectual property, financial information, the personal information of employees and students, and other sensitive data. We have had measures and tools in place to do this for many years, but as the threat landscape evolves, our protections must also evolve. We are constantly evaluating and updating our use of technical tools and capabilities to mitigate cyber risk to protect USNH’s assets and the privacy of our community members. USNH is not unique in taking these steps – EDR and DLP are widely implemented in most corporations and government agencies, as well as at many universities.
Back to Questions
Software on Managed Endpoints
A6 - What software is available for installation on my managed computer?
Managed endpoints include a software management app with approved software packages available for you to install as needed without any need for local admin privileges. See instructions in our articles for the Company Portal (Windows) and the Self-Service App Catalog (macOS).
Back to Questions
A7 - What if I need software that isn’t listed in the software management app on my computer?
If you have checked the software available in the software management app on your computer (Company Portal for Windows and Self-Service App Catalog for macOS) and what you need is not listed, then you can reach out to Desktop Support and our technicians will assist you to install the software you need. Requested software may need to undergo a Security Assessment Review (SAR) prior to being approved for installation. If approved, then ET&S Client Services can assist with the installation either by a remote session or by a walk-up appointment for you to bring your computer in.
Back to Questions
A8 - How do I request that a software application be added to the software management app so it’s available for installation on managed computers?
Submit an Application Portal request to add your desired software to the Application Portal. Please provide an example of how you would use this software and explain why you need it on your managed computer. Requested software may need a Security Assessment Review (SAR) before being approved. If approved, then the software will be added to the Application Portal, available for you to install on your managed endpoint.
Back to Questions
A9 - What if I need local administration rights on my computer to effectively do my job?
In alignment with the current USNH Access Management Standard, local admin privileges are only allowed on USNH owned devices with a justified business purpose and an approved request from Cybersecurity.
If you have a business requirement for frequent elevated user privileges, then you can request access to the Privileged Access Management tool. You must first go through training, complete and sign the agreement with approval from your supervisor or manager, then submit your request which must be approved by USNH Cybersecurity. For full instructions and access to the required materials see the Privileged Access Management service description.
Back to Questions
Repair or Replacement of Managed Endpoints
A10 - What do I do if my managed computer stops working or needs to be repaired?
Report the problem to ET&S Client Services or visit one of our walk-up support locations. Be sure to include the computer’s name (Windows) or Serial Number (MacOS) and other information required on the linked request form.
ET&S Client Services maintains a small fleet of loaner laptops available on a first come, first served basis (if needed) when an employee’s primary device is sent out for repair or remediation. A loaner will be offered during the repair process if needed, available, and appropriate.
Back to Questions
A11 - What do I do if my managed computer needs to be replaced because it’s broken or is too old?
If your computer becomes so old that it presents a security risk, or if it starts to experience hardware issues that are too costly to warrant repair given the device's age, then your computer, laptop, or other endpoint device may need to be replaced. In that situation, you will need to be sure you are ready to turn your old computer back in to ET&S. Please see details in our special article on Endpoint Management: Preparing for a Replacement Computer.
Back to Questions
A12 - What happens to my old computer if I get a new managed endpoint?
When you pick up your new computer, you will be asked to turn in your old computer at the same time. ET&S will evaluate the old computer and either re-deploy it or send it to be recycled.
Back to Questions
Further Readings
Company Portal: Installing Applications on Intune Managed Workstations - Windows
Installing Applications via Self-Service App from JAMF
Client Services: In-Person Service Hours and Locations
Endpoint Management: About the Endpoint Life Cycle
Endpoint Management: Preparing for a Replacement Computer
USNH Endpoint Management Standards
USNH Cybersecurity Policies & Standards
Need additional help?
Desktop Support - Service Request
Application Portal - Service Request
Privileged Access Management - Service Request
To submit a support request, please fill out the ET&S Desktop Support webform with as much detail as possible, or contact the Technology Help Desk team on your local campus. For password issues you must call or visit the Help Desk in person.