Endpoint Management

Endpoint Management Project

In alignment with the SDSU Strategic Plan priority "We Are SDSU," the Endpoint Management Project is committed to transitioning to cloud-based endpoint security, device management, and authentication systems to enhance security and device management practices across all SDSU desktops, laptops, and tablets. These systems include Microsoft Defender Security Center, Jamf Pro, Microsoft Endpoint Manager, ManageEngine Patch Manager Plus, and Azure Active Directory.

Description

Transitioning to cloud-based endpoint security, device management, and authentication systems will allow systems administrators to deploy, protect, and support devices regardless of whether the devices are on campus. The IT Security Office, the Endpoint Management Project Team, and the campus Endpoint Security Working Group are charged with implementing these modern device management systems and enrolling all SDSU desktops, laptops, and tablets, including state and auxiliary devices.

Goals & Deliverables

Goals

  1. Microsoft Defender Security Center.

    The first goal is to enroll 100% of SDSU macOS and Windows systems in Microsoft Defender Security Center to assist with protecting SDSU data and identities. Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.

  2. Jamf Pro and Microsoft Endpoint Manager.

    The second goal is to move to cloud-based modern device management processes for deploying and managing all SDSU devices using Jamf Pro and Microsoft Endpoint Manager. Windows devices can be pre-registered in Microsoft Endpoint Manager at the time of purchase by our preferred resellers, including Dell. macOS and iOS devices can be pre-registered in Jamf by the SDSU Bookstore.

  3. Azure Active Directory

    A third and equally important goal is to configure all Windows and macOS devices to use SDSUid authentication using cloud-based Azure Active Directory.

Deliverables

  • Enroll 100% of SDSU devices (State and Auxiliary) in Microsoft Defender Security Center.
  • Enroll 100% of SDSU macOS and iOS devices (State and Auxiliary) in Jamf Pro Cloud.
  • Enroll 100% of Windows 10 devices (State and Auxiliary) in Microsoft Endpoint Manager.
  • Deploy all new macOS devices using Jamf and Apple Automated Device Enrollment.
  • Deploy all new Windows 10 devices using Windows Autopilot.
  • Configure all devices to use cloud-based Azure Active Directory for SDSUid authentication instead of on-premises Active Directory.
  • Transition all Windows 10 OS patching to Windows Update for Business and phase out the use of Group Policy, WSUS, and other OS update systems.
  • Manage macOS patches using Jamf.
  • Manage third-party application patching using ManageEngine Patch Manager Plus Enterprise Cloud.
  • Decommission Comodo One, Ninite, Workspace One, ZenWorks, McAfee, Sophos, and other device management and antivirus systems and transition to the campus device management and security platforms.
  • Deploy/install applications using the Microsoft Company Portal and the Jamf self service application portal.

 

RACI

Endpoint RACI Matrix

RACI definition

Timeline

Endpoint Timeline 2020-21

 

Updates
