Bring Your Own Device (BYOD)
BYOD enables staff and students to use their own personal devices such as phones, tablets, and laptops to access University resources such as:
- Corporate communication systems – Outlook Email & Teams
- Licensed software apps – Autodesk & Adobe
- Cloud data storage platforms – OneDrive for Business & SharePoint
Due to the number of personal devices connected to University networks and accessing organisational data such as Email and Microsoft Teams there are additional security risks to be considered.
To help protect against these security risks, the University is responsible for and required to implement additional security measures to ensure that our University data and systems are protected and we are compliant with the NCSC Cyber Essentials Certification.
Cyber Essentials is a simple and effective Government backed scheme that will help you protect your organisation against a range of the most common cyber attack.
Cyber Essentials sets out five controls which you can implement immediately to strengthen your cyber defences:
- Use a firewall to secure your internet connection
- Choose the most secure settings for your devices and software
- Control who has access to your data and services
- Protect yourself from viruses and other malware
- Keep your devices and software up to date
You can find out more by reading the online Cyber Essentials information leaflet.
Students will need to read and accept the IT Acceptable Use Policy however, there are no BYOD specific requirements for students.
Students are able to use Personal BYOD devices to access University resources such as Email and Microsoft Teams and will NOT be re required to enrol their device in the University’s MDM solution – Microsoft Intune.
All staff requiring access to University Owned Data and Cloud Services such as Email via a Mobile App or Desktop Application, will be required to read and comply with the UWTSD Bring Your Own Device Policy (BYOD), and enrol their device into the University's Mobile Device Management (MDM) solution - Microsoft Intune.
The UWTSD BYOD Policy covers the use of personally owned electronic devices to access and store University information. Such devices include smart phones, tablets, laptops, desktop computers and similar technologies which are commonly known as ‘Bring Your Own Device’ or BYOD.
All users who wish to use their personal devices must abide by the policy and the University must ensure that it remains in control of organisational data for which it is responsible, regardless of the ownership of the device used to access the data.
The University must also protect its intellectual property as well as empowering staff to ensure that they protect their own personal information.
The following options are the required processes which must be followed to access University Data from a Personal BYOD Device. The University recommends either:
- Wherever possible users access University data and services from a university provided device.
- If it is not possible to utilise a University Provided Device, then users should where possible only access University owned data and Cloud services such as Microsoft 365 Email from a BYOD device using an Internet Web Browser interface.
- User’s requiring access to University owned data and Cloud services such as Email via a mobile application or desktop application such as Offices 365 will be required to enrol their device into the University’s Mobile Device management (MDM) solution - Intune.
You will be automatically prompted to enrol your Personal (BYOD) Device after you sign in into any UWTSD Microsoft 365 services.
When signing in to UWTSD Microsoft 365 services, you will be guided through enrolling your device however, we have created the following guides to help simplify the enrolment process.
Please follow the appropriate guide for your Personal (BYOD) Device:
The UWTSD Bring Your Own Device Policy (BYOD) does not apply to any managed devices provided to you by the University.
If you have been provided with a University managed device, appropriate controls and mobile device management policies are already in place.
If you access Microsoft 365 services such as SharePoint Online or OneDrive Online using a web browser, you will need to ensure you are logged into the web browser with your University account. To login to your web browser with your University account, follow our Enabling Browser Single Sign On (SSO) user guide.
If you have a University provided device and experience any issues accessing University data or apps, or are prompted to enrol your device, please contact our IT Service Desk for assistance.
The university cannot see any personal information on your Personal BYOD Device at any stage after you enrol your device in Microsoft Intune.
Enrolling your device does however make certain information, such as device model and serial number, visible to authorised UWTSD IT support staff with administrator access.
To find out more about what can and cannot be seen, please visit Microsoft’s Device Enrolment Information webpage.
To help, we have summarised what can and cannot be seen on your Personal BYOD Device.
Things UWTSD IT Administrators can never see:
- Calling and web browsing history
- Email and text messages
- Pictures, including what's in the photos app or camera roll
- Additionally, on corporate-owned Android devices with a work profile:
- Apps and data in your personal profile
- Phone number
Things UWTSD IT Administrators can see:
- Device owner
- Device name
- Device serial number
- Device model, such as Google Pixel
- Device manufacturer, such as Microsoft
- Operating system and version, such as iOS 12.0.1
- Device IMEI
- App inventory and app names, such as Microsoft Word
- On personal devices, your organization can only see your managed app inventory, which includes work and school apps.
- On corporate-owned devices, your organization can see all apps installed on the device.
- On corporate-owned devices with a work profile, which is limited to Android devices, your organization can only see the apps installed in your work profile.
No. If you enrol your Personal BYOD Device, the University does not take full control of your device.
A separate UWTSD work profile will be created, which keeps UWTSD apps and data separate to your personal apps and data.
If your employment with the University ends, this separate work profile will be removed from your Personal BYOD Device, and your device will be un-enrolled from the University’s MDM solution – Microsoft Intune.
By enrolling your personal Windows 10, Windows 11 or Apple MacOS device in the University’s MDM solution “Microsoft Intune”, Microsoft provide UWTSD the functionally to remotely reset your device to its out of box experience. UWTSD policy is that it will never factory reset a personal device. This functionality is not available to the University for any personal Android or Apple iOS devices which are enrolled.
Before taking the decision to enrol your device you must ensure your data is backed up to an external source such as an external drive or cloud storage. How to Back Up Your Data and Keep Your Files Safe (techtarget.com)
By enrolling your device, you acknowledge that the university will not be responsible for any loss of data from your device.
Before deciding to access UWTSD data and services from a Personal (BYOD) Device, staff must read, familiarise, and comply with the UWTSD Bring Your Own Device Policy (BYOD).
The key requirements detailed within the policy are:
- Personal BYOD Devices must be running a supported Operating System.
- Personal BYOD Device must be supported by the Manufacturer and have all Firmware Updates applied.
- Personal BYOD Device must be running a firewall if one exists, and have an Antivirus solution running and up to date.
- Users must set up a separate user account profile without Administrative or Elevated rights on their device for the purposes of accessing corporate data on devices which support multiple user accounts.
- In order to prevent unauthorised access, devices must be protected by a PIN or Password depending on the operating system.
The University is responsible for defining, updating and enforcing the UWTSD Bring Your Own Device Policy (BYOD).
To help protect against security risks, the University is responsible for and required to implement additional security measures to ensure that our University data and systems are protected and compliant.
- UWTSD is not responsible or liable for any damage, loss, or service interruption of any BYOD device.
- BYOD devices will NOT be supported by the IT Service Desk beyond UWTSD installed software (E.g. Mobile Device Management (MDM) solutions, security tools etc.).
- Network connectivity issues on campus are supported by the IT Service Desk.
- Users should contact the device manufacturer or their carrier for operating system or hardware related issues.
Accessing University Owned Data and Cloud Services such as O365 Email, Teams from a Personal BYOD Device without enrolling your device is permitted, but will provide reduced functionality.
If you do not enrol your device, you will not be able to access University Owned Data and Cloud Services utilising Mobile or Desktop Applications.
Instead, you will only be able to access University data by using a Web Browser Interface such as Microsoft Edge which will provide reduced functionality.
To find out more about how to access University Owned Data using a Web Browser and what functionality restrictions are in place, please follow our BYOD Web Browser Access guide.
How many devices can I Enrol?
There are no restrictions on the number of devices you can enrol/register.
How do I un-enrol my device?
Please contact the IT Service Desk who will retire your personal device from the University MDM Solution - Microsoft Intune.
Secure Disposal of Equipment?
When you dispose of any kind of device, you must ensure it is securely deleted/disposed of.
Please contact the IT Service Desk who will retire your personal device from the University MDM Solution Microsoft Intune.
Do I need to enrol my personal device if I use it for Voice, SMS Text or MFA Authentication?
No, you do not need to enrol your personal device for the purpose of making or receiving voice calls, SMS Text messages of MFA Authentication.
Does my personal device require a password/pin to unlock?
Yes. If you enrol your device then the device must be unlocked using credentials such as biometric, password or PIN before using it to access University Data. Please refer to the BYOD Security Compliance Settings guide for the requirements.
Will I have to change the Password/PIN length on my personal device?
You may have to change your device password/pin if your current security settings do not meet the minimum security requirements.
Please refer to the BYOD Security Compliance Settings guide for the requirements.
What happens if my personal device does not meet the required security compliance settings?
Devices will be marked as Non-compliant should they fall below the required security compliance requirements. Once a device is marked as Non-compliant, the following process will occur:
- Device will be given 14 days grace period
- An email notification will be sent to the owner of the device informing them of non-compliance
- After 14 days of non-compliance – device will be retired from Intune and will require registering/enrolling again to access university data.
Can I access data without enrolling my personal device?
Yes. You can access data without enrolling your personal device by using a web browser however, access will be restricted. Please read our BYOD Web Browser Access for more information.
Will I notice any changes on my University owned device?
After the BYOD policy has been applied to your account, you may notice the following if you use an Apple device.
macOS – MacBook/iMac
When launching any office 365 apps or online apps for the first time you may see the following - Please chose the certificate and continue. (Please note – GUID may be different)
iOS devices – iPhone/iPad
When launching any office 365 apps or online apps for the first time - you may see the following - Please chose either certificate. (Please note – GUID may be different)
What are the supported Internet browsers for Microsoft Teams Online and Outlook Online?
UWTSD recommend using the latest stable version of Microsoft Edge across all device platforms.
Please see the following for further information:
By enrolling your device, you acknowledge that your personal device will have required security controls enforced on your personal device to ensure that University Data is secure.
These security controls include but are not limited to:
- Enforced complex security password with minimum length requirement.
- Automatic screen lock after period of inactivity.
Before taking the decision to enrol your device you must ensure that you have read and accept the University’s BYOD Security Compliance Settings requirements.