Endpoint Management Project
In alignment with the SDSU Strategic Plan priority "We Are SDSU," the Endpoint Management Project is committed to transitioning to cloud-based endpoint security, device management, and authentication systems to enhance security and device management practices for all SDSU desktops, laptops, and tablets. These systems include Microsoft Defender Security Center, Jamf Pro, Microsoft Endpoint Manager, ManageEngine Patch Manager Plus, and Azure Active Directory.
Transitioning to cloud-based endpoint security, device management, and authentication systems will allow systems administrators to deploy, protect, and support devices regardless of whether or not the devices are on campus. The IT Security Office, the Endpoint Management Project Team, and the campus Endpoint Security Working Group are charged with implementing these modern device management systems and enrolling all SDSU desktops, laptops, and tablets including state and auxiliary devices.
Goals & Deliverables
Microsoft Defender Security Center.
The first goal is to enroll 100% of SDSU macOS and Windows systems in Microsoft Defender Security Center to assist with protecting SDSU data and identities. Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
Jamf Pro and Microsoft Endpoint Manager.
The second goal is to move to cloud-based modern device management processes for deploying and managing all SDSU devices using Jamf Pro and Microsoft Endpoint Manager. Windows devices can be pre-registered in Microsoft Endpoint Manager at the time of purchase by our preferred resellers, including Dell. macOS and iOS devices can be pre-registered in Jamf by the SDSU Bookstore.
Azure Active Directory
A third and equally important goal is to configure all Windows and macOS devices to use SDSUid authentication using cloud-based Azure Active Directory.
- Enroll 100% of SDSU devices (State and Auxiliary) in Microsoft Defender Security Center.
- Enroll 100% of SDSU macOS and iOS devices (State and Auxiliary) in Jamf Pro Cloud.
- Enroll 100% of Windows 10 devices (State and Auxiliary) in Microsoft Endpoint Manager.
- Deploy all new macOS devices using Jamf and Apple Automated Device Enrollment.
- Deploy all new Windows 10 devices using Windows Autopilot.
- Configure all devices to use cloud-based Azure Active Directory for SDSUid authentication instead of on-premises Active Directory.
- Transition all Windows 10 OS patching to Windows Update for Business and phase out the use of Group Policy, WSUS, and other OS update systems.
- Manage macOS patches using Jamf.
- Manage third-party application patching using ManageEngine Patch Manager Plus Enterprise Cloud.
- Decommission Comodo One, Ninite, Workspace One, ZenWorks, McAfee, Sophos, and other device management and antivirus systems and transition to the campus device management and security platforms.
- Deploy/install applications using the Microsoft Company Portal and the Jamf self service application portal.
|Ricardo Fitpaldi||Tom Voss||Chris Leong||Dave Kerberg||Brian Lenz||Saul Denova||Tim Maides||Micah Doiron||Sheryll Del Rosario||Endpoint Management Working Group||Jamf Pro Cloud Group||ID Domain Support Group||Jerry Sheehan|
Microsoft Defender ATP & Security Center
|ManageEngine Patch Manager Plus||I||A||C||R||R||R||C||C||C||C||I||I|
|Jamf Pro Cloud & Apple Automated Device Enrollment||I||I||A||C||R||R||I||I||I||C||I||I|
|Microsoft Endpoint Manager & Windows Autopilot||I||A||I||R||C||R||R||C||C||C||I||I|
|Azure Active Directory||I||A||C||R||C||R||C||I||I||C||I||I|
|Develop Endpoint Training||I||A||A||I||I|
|R - Responsible||Assigned to complete the task or deliverable|
|A - Accountable||Has final decision-making authority and accountability for completion. Only 1 per task|
|C - Consulted||An advisor, stakeholder or subject matter expert who is consulted before a decision or action is taken.|
|I - Informed||Must be informed after a decision or action is taken|
- Milestone: Endpoint Security and Management project starts
- Enroll first group of computers into Microsoft MEM and Microsoft Security Center
- Establish process for Apple Automated Device Enrollment
- Enroll first batch of Apple computers into Jamf