.. vim: syntax=rst .. include:: ../global.rst .. _policy-policy_docs-epm: ========================== Endpoint Management Policy ========================== In an effort to improve the consistency, efficiency, and security of endpoint management on the UT campus, the IT Leadership Council Endpoint Management (EPM) Standing Committee, in partnership with the Information Security Office, is leading a campus-wide initiative to develop and implement endpoint management practices and centrally managed endpoint management tools for university desktops, laptops, and tablets. More details on this can be found here: `Endpoint Management (EPM) Centralization and Standardization Program`_ UT is leveraging EPM tools for Microsoft and Apple devices. Apple laptops and tablets are to be installed with JAMF while Microsoft devices will be installed with MECM (Microsoft Endpoint Management Configuration Manager), formerly SCCM. This software will be installed before we deploy devices to end users. ---- JAMF ---- In 2021, the Oden Institute purchased licenses from JAMF to manage our fleet of Apple devices. Shortly after, UT worked out an agreement with JAMF to provide licenses for the campus. Sysnet is working on migrating devices from our JAMF instance to UT's JAMF instance. Instuctions on how to migrate JAMF are outlined below: :ref:`JAMF Migration Instructions for MacOS ` ---- MECM ---- We worked out an agreement to with Aerospace Engineering to use their MECM instance since we have so few Windows devices. As we deploy Windows laptops and desktops, they must be bound to Austin Active Directory (AAD) and have MECM installed. ------ NESSUS ------ All laptops, desktops, and servers are to have Nessus agents installed as part of the `Minimum Security Standards for Systems`_ Nessus agents provide vulnerability scanning for systems