Mobile Device Security Requirements

To ensure the compliance of the Mobile Device Encryption Policy signed by President Gogue, the ActiveSync mailbox rules will be updated on Monday, November 2, 2015. This change will require that any smartphone/tablet trying to check University email via Exchange ActiveSync have the following security settings in place:

  • A secure lock code
    - at least four digit PIN or password
    - no simple PIN/password allowed (no all same character/number passwords or ascending/descending patterns - ex. 11111, bbbbbb, 9876, 34567)
    - if you forget your PIN or Password, a Factory Reset on your device will be necessary to regain access
  • Encrypted Device
  • Encrypted Storage Card (if present)
  • Turn on auto factory reset if you attempt to unlock your phone incorrectly x # of times
  • Auto-lock set to 10 minutes or less

NOTE

These new ActiveSync rules do NOT make changes to your device for you. These security features must be enabled for ActiveSync to allow email to flow to your device. This means iOS users will likely need to manually turn on the "auto factory reset" feature and Android users will likely need to manually enable all the required security features.

You are strongly encouraged to take steps now to ensure your device is in compliance so there will be no interruption in email service to your device. If you need help making these changes, contact your IT Provider.

ANDROID USERS

Please backup your device information, including photos, before running the encryption, there is a possibility when trying to encrypt the device that it could fail and a Factory Reset may need to be done to restore the device. When this occurs this means there is a potential to lose data for Call Logs, Contacts, Instant Messaging, photos and other data for applications.

Mobile Device Encryption Chart

OS Version Native Encryption Time to Encrypt Battery Life Required Lock Method Notes
iOS 3.1 or greater Yes 5 mins NA PIN Encrypted automatically when passcode & auto-lock are set
Android 4.4.x - 5.x Yes Up to an hour 80%, Recommended to plugin charger PIN or Password Upgrade or New Phones Factory Encrypted
Android 4.0 - 4.2 Yes One hour or more 100%, Recommended to plugin charger PIN or Password
Android 1.6 - 3.0 No, Use third party application Varies based on device Recommended to plugin charger PIN Recommend Outlook Web App
Windows Phone 8 or 8.1 update 1 Yes 5 mins NA PIN Encrypted automatically when passcode is set and policy applied (encryption cannot be user initiated)
Windows 10 Mobile Yes 5 mins NA PIN  

Windows 8.1 users: The Microsoft native mail application does not support Microsoft ActiveSync. To access your email on this device please use Outlook email that comes with Office or Outlook Web Access.

How to Set a PIN/Password, Set Auto-Lock Time, and Turn on Encryption

iOS

NOTE: Encryption is automatically turned on when passcode is set.

  1. Tap Settings.
  2. Tap General.
  3. Tap Auto-lock (choices are 1-5 minutes).

    Note - if fingerprint unlock is activated, 'immediate' is the only choice

  4. Tap Settings.
  5. Tap Touch ID & Passcode (enter a 4 digit passcode).

Android 4.4 - 5.x

NOTE: Before you begin encryption, the phone must be 80% charged and connected to the charger.

  1. Go to the Settings App.
  2. Tap Lock Screen.
  3. Choose Screen Lock to set a PIN or Password (Skip this step if this is set).
  4. Choose Lock Automatically to set the Auto-lock time (Choose a time that is 10 mins or less).
  5. Go back to Settings
  6. Tap Security.
  7. Tap Encrypt Device, then "Encrypt SD card."
  8. A 4 digit PIN or a password is required to be set, if not already set.

Android 4.0 - 4.2

NOTE: Before you begin encryption, the phone must be 100% charged and connected to the charger.

  1. Go to Settings
  2. Tap Security
  3. Choose Screen Lock to set a PIN or Password (Skip this step if this is set).
  4. Choose Automatically Lock to set the Auto-lock time (Choose a time that is 10 mins or less).
  5. Go back to Security.
  6. Chose Encrypt phone/tablet, then "Encrypt SD card."
  7. Tap Next and Enter PIN.
  8. Tap Encrypt phone/tablet.
  9. Phone will reset several times, then ask for PIN to finalize the process.

Windows Phone 8 - 8.1 (Update 1)

When Active Sync is enabled on an existing Exchange account for Windows Phone you will be giving the following prompt:

"Create a new password"

Your phone's security policy has changed, so you'll need to change your lock screen password. Here are the new requirements.
Must have at least 4 digits
Select "Set" to add the password.

If you select "Set" you will be prompted to create a pin."

To verify that the device is encrypted on Windows Phone 8.1, please do the following:

  • Go to Settings.
  • Tap Storage Sense
  • Under the Phone listing you should see the amount of storage used and the word "Encrypted".

Windows 10 Mobile

Device encryption is an option that comes disable by default, but you can easily enable the feature using the following steps:

  1. While in the Start screen, swipe left to bring All apps, then search for and open the Settings app, and tap on System.

    System section within Settings
  2. Next, tap on Device encryption.

    Device encryption on the System page
  3. Finally, make sure to slide the Device encryption pill switch to the On position to enable the feature.

    Toggle Device Encryption On

Important Note: A password PIN must be in place to enable the feature if your mobile device doesn't have one when trying to enable Device encryption, you will be automatically redirected to the Sign-in options settings page to create a PIN. Then you would just tap the Add button, under the PIN section, and follow the on-screen wizard to create a new PIN. After the PIN password is created, you can go back to Device encryption settings to verify that the feature has been enabled.

Add a PIN

While the feature should work as expected, Windows Phone 8.1 used to display an "encrypted" label in the phone storage settings, and Windows 10 Mobile doesn't provide such visual confirmation in the storage settings. The only way to verify your device is being encrypted is by making sure the "Device encryption" is turned on in the Settings app.

Windows 10 doesn't show the data is encrypted like it did on Windows 8.1

It's important to point out that while encryption is enabled on your mobile device, the operating system and your data stored in the local storage will be encrypted, but device encryption will not encrypt data that you stored on an SD card unless you have build 15007 or later. As such, it's highly recommended that you not save sensitive data on a removable storage, as anyone could easily remove the storage and have unrestricted access to that data from any computer.

Source

Frequently Asked Questions

If I remove the ActiveSync Exchange account from my device, will this still affect me?

Yes and No. The ActiveSync rules mentioned above will only be activated on your device if you have an ActiveSync Exchange account setup on your device; however, these rules are security enhancements that all users should consider implementing on their devices whether they view sensitive University data on it or not. Furthermore, even if you do not have an ActiveSync Exchange account you are still subject to the Mobile Device Encryption Policy. Please make sure your device is in compliance based on your activity while on your device.

Are there any potential side effects of device/sd card encryption?

While encryption of your data is an important security feature you should enable, be aware that if you damage your phone, the data on it and its SD card will likely be unrecoverable.

I enter grades into Canvas, should I do anything about this?

It depends. If you're using your mobile device to enter grades through the Canvas web application or the mobile app, you're fine. If you're storing that data on your device or home computer, then yes you should protect that machine.

What about other portable devices such as laptops and thumbdrives?

Yes, those type devices are included in the Mobile Device Encryption Policy. Over the next few weeks recommendations will be made on how to encrypt these devices.

Last Updated: July 28, 2017