How do I get my smartphone registered?
We put together a couple of step-by-step guides to help you register your phone:
What is MobileIron?
MobileIron is a mobile device management (MDM) system that provides ITS with a means of governing mobile access to WCM resources, including email, calendar, contacts, and other central applications. Through the use of MobileIron, which is a free application that is installed on a governed mobile device, ITS has the ability to configure devices with the appropriate WCM settings to allow access to Wi-Fi networks, a WCM email account, and WCM applications. As a benefit to both WCM and the end user, MobileIron helps manage compliance with security policies and other regulations by enforcing device encryption and the use of a passcode to reduce the risk of accidental or improper disclosure of data In the event the device is lost or stolen.
Is MobileIron required for my mobile device?
Yes. Any mobile device (smartphone or tablet) configured with a WCM email account (or wishing to access the WCMC Wi-Fi network) must have MobileIron installed. Without MobileIron, WCM cannot ensure the security of all devices with WCM data. In the event the device is lost or stolen, there are no assurances that WCM data has not been breached or inappropriately disclosed. Weill Cornell's faculty, students, and staff create and share a wealth of information on their mobile devices every day, much of which may be confidential. Should your device become lost or stolen, ITS can locate or wipe your device remotely at your request to make sure this data never gets into the wrong hands. Even if you do not regularly work with confidential data, it can protect the other content on your phone and is necessary for inventory tracking by your department. Not only does it protect you, it protects everyone who does business with Weill Cornell.
But I don't access clinical or confidential data. Do I still need MobileIron?
Yes. WCM's definition of confidential data extends beyond protected health information (see ITS 11.03 - Data Classification). If you use your mobile device to access the WCMC wireless network, you are using Weill Cornell resources and will need to have MobileIron installed.
Can ITS spy on my mobile device once MobileIron is installed?
No, ITS cannot spy on your device through MobileIron, nor is ITS interested in actively monitoring your device. In addition, ITS enforces very minimal requirements and restrictions on your device – a password, which enables encryption. Here are things MobileIron does not do:
- View or read your SMS and MMS messages
- View your pictures
- View your website browsing history
- Turn on your camera to take photo or video
- Listen in on your conversations
- Open or delete your files and applications
- View contents within your applications
- Drain your battery
Also, ITS does not read individual emails in your Weill Cornell account, nor can we access any personal email from external sites like Gmail or Yahoo! Mail. ITS uses a data loss prevention software in accordance with College policy (see 11.02 - Privacy of the Network and 11.03 - Data Loss Prevention) to make sure confidential data is not sent to external accounts (those that do not end in @med.cornell.edu) without encryption.
It is important to note that although ITS does not actively monitor emails, Weill Cornell reserves the right to access, review, and release electronic information under circumstances necessitated by legal or regulatory requirements.
I lost my device! What should I do?
If your device is lost or stolen, notify the Service Desk and your department administrator immediately. ITS will work with you to locate your device or wipe any Weill Cornell services to prevent a breach of confidential data. If you are unsure of the whereabouts of the device, it is also recommended that you file a police report with campus security of local authorities.
If my mobile device is remotely wiped, will my personal information also be deleted?
No. If your phone is lost or stolen, ITS will only wipe Weill Cornell services. However, if requested, ITS can wipe the entire device. Contact the Service Desk for more information.
What information does MobileIron collect about me and my device?
MobileIron collects the following information about your device:
- Identifying information about you, the end user, so ITS is aware who the device belongs to. This includes your name and your WCMC email address.
- Device specifications, including the make and model of the device you are using, the device's phone number (if necessary), the device's operating system and version, your cellular/data provider, the device serial number, status of the battery percentage, etc.
- Amount of used and available space on your device.
- A list of WCMC-deployed (“managed”) applications on your device (ITS cannot see any personal applications that you may have installed).
- Location data, if you grant permission to the MobileIron application, in the event your device is lost or stolen and you request ITS to help you locate it. Please note that ITS does not use this data to actively monitor your location and it will only be viewed at your request.
- Status of the MobileIron application, the security certificate, and security status.
- An inventory of installed security certificates, security compliance profiles (e.g., password settings), WCMC-deployed (“managed”) applications as well as a log of Mobile Device Management (MDM) communications (e.g., last check-in time with the server, diagnostic errors).
What changes will I see on my device once MobileIron is installed?
When MobileIron is installed on the device, a list of "profiles" with configuration settings will appear under Settings > General > Device Management. Among the profiles is an "Exchange Account" setting, which is a configuration profile that sets up your email and appears in the "Mail" app and the "Mail, Contacts, Calendar" settings. The "Password Policy" profile appears under the "Restrictions" area, which enforces a passcode to unlock the device.
The other settings that are deployed include additional features that provide easy access to the network, such as connecting to WCMC Wi-Fi networks. ITS also has some "web clips," which are bookmarks that point you to WCM Emergency information and other helpful internet resources. ITS can also deploy or publish "managed applications," which are applications that can be used for work purposes, such as Box. ITS also have the ability to deploy paid applications, which may occur in the future.
Most noticeably, you'll see two key apps installed on your device, which are described below:
MobileIron: The MobileIron app allows ITS to apply and enforce certain settings on your device to ensure security. You do not need to configure any settings in this app and will most likely not need to access it. However, ITS can use MobileIron to send important messages to your mobile device and suggest upgrades to applications that are relevant for WCM (e.g., Box, Zoom, etc.).
WCM App Store: The WCM App Store is our internal app store, making applications relevant to the WCM community available for download. Some apps will install directly, while others may lead you to the App Store where you can download the recommended application. You can periodically check this feature in the future as ITS recommends more apps to the Weill Cornell community.
MobileIron also changes security settings on your mobile device once it's been installed. When your mobile device remains idle for a period of time, it will automatically lock and require a passcode of your choosing to unlock it. Per Apple's default settings, if you fail to input the correct passcode 10 times in a row, your mobile device will be completely wiped. (If this happens, you would need to input all your information from scratch or restore your information using a backup from iTunes.)
Which devices does MobileIron support?
At this time, MobileIron can be installed on Apple iOS devices (i.e., iPhones and iPads) running iOS 11 or above, and Android devices running Android 8.x or above.
How is MobileIron different on an Android device?
On an Android device, ITS configures an Android Enterprise Work Profile which is a secure environment within your mobile device. The Work Profile separates institutional or enterprise data from your personal data. This separation happens seamlessly and is almost transparent to the mobile device user. It also offers encryption and extra security. This not only encrypts institutional data, but it makes you HIPAA compliant, a prerequisite for mobile data and content at WCM.
On your Android:
- Applications in the Work Profile will still reside alongside your current applications, but will display a small briefcase badge.
Important: As a part of security and separation within the Work Profile, items may be brought into the Work Profile but not outside of it. You may delete items within the Work Profile, but you cannot save a secured item outside of the Work Profile.