In order to protect Rutgers' data on mobile devices, mobile devices that are linked with Rutgers Connect are required to have a Mobile Management Policy installed.  There are two different policies for Rutgers users, one for those who work with Protected Health Information (PHI) data and one for everyone else. 

Users who work with PHI can find the details of that polcy here: https://oit.rutgers.edu/connect/using/mdm-policy-rbhs

Users who do not work with PHI have a much less stringent policy that is detailed here: https://oit.rutgers.edu/connect/using/mdm-policy

In order to implment these policies, the Microsoft InTune software must be installed on your device.   When installing the software, the device will ask you to agree to all the functions the software can perform.  This list includes the list of features that the full version of Microsoft InTune can perform. Rutgers Connect is not capable of utilizing most of these features.  The only thing that Office 365 is set to do for non-PHI users is require some type of lock on the device (pin/swipe/fingerprint/etc), ensure the device is not jailbroken/rooted and remote wipe the device.  (Device wipes will only be performed at the user's request).

Users handling PHI have the additional protections specified at the page linked above.  Most users in SAS do not work with PHI and will only be required to agree to the less stringent management policy.

The version of the management software that is included in our Office 365 license isn't the full InTune package, it's a stripped down package that doesn't have all of the capabilities of the full version.  However, there is no stripped down version of the client so you're seeing all the capabilities that the client has, even though Office 365 doesn't have those capabilities.  In short, even if someone decided to violate policy and tried to use this tool to, for example, to pull data off of your phone, they can't.  The software we're using doesn't have the capability.

Here's a link to everything that Office 365 is capable of:
https://support.office.com/en-us/article/Capabilities-of-built-in-Mobile-Device-Management-for-Office-365-a1da44e5-7475-4992-be91-9ccec25905b0?ui=en-US&rs=en-US&ad=US.

You'll notice that this list does not include things like adding or removing apps or accessing your data.  The only capabilities are those that would allow for the protection of institutional data from being available should the device be lost or stolen.

If you still do not want to agree to the management policy, you can still access your Rutgers Connect data by using your mobile device's web browser to access http://connect.rutgers.edu.

Why a Mobile Management Policy is Important

The mobile management policy for Protected Health Information (PHI) users is mandated by law.  Anyone dealing with PHI must have the mobile management policy.  For users who do not work with PHI, only the minimum protections are put in place.  Having a password on any device that contains Rutgers data is Rutgers policy in addition to being a common sense security practice.  Without a password/pin on your device, anyone can simply pick it up and access all of the information on the device.

The ability to wipe the phone is necessary because the device is not being encrypted and PINs can be broken.  Mobile devices can contain an enormous amount of data in addition to having saved passwords so they can continue to access any new information.  If the person who finds the phone guesses the PIN or they connect the device to a computer, the infromation on an unencrypted device can still be downloaded.  Having the ability to remote wipe the device allowed all the data (yours and Rutgers') to be protected.  This feature will only be used if the user notifies IT support that their device has been lost and needs to be wiped and, if the device is setup properly, all the data on the device should still reside on the servers or in the providers cloud server so it can be restored.