Frequently Asked Questions Security Measures

Protect your data!

Check the questions and answers that fit your operating system.

The AUAS is committed to data security and the prevention of data leaks. Until now, users were expected to take the necessary measures themselves. This approach has proved to be ineffective: the required security measures tend to be time-consuming and are not always correctly implemented. The AUAS has decided to help users by managing certain aspects on their behalf. No user privileges will be revoked as a result.

Yes, the measures are mandatory. If you have a self-managed ICT workstation, you must take appropriate measures to secure your data. This should be done by registering your device in the tool provided and following the instructions in the manuals provided. This also applies to business mobile phones and tablets purchased by the AUAS.

Yes, laptops must be password protected in order to prevent unauthorised parties from accessing your data. Password protection is mandatory.

If you do not wish to take these security measures for any reason, please contact the person below at your faculty or service.

Faculty or Service Please contact:
Management board Bart Roelvink
Communication Office Bart Roelvink
Education and Research Bart Roelvink
Human Resources Bart Roelvink
Finance, Planning and Control Bart Roelvink
IRS Bart Roelvink
AC Harry van der Zijden
Library Renze Brandsma
Housing development Arthur Cramer
Facility Services Joost Klaassen
ICTS Juliette van Zuijlen
Student Services Bram van der Kruk
Faculty of Applied Social Sciences and Law Piet Dekker
Faculty of Education Pieter van Langen
Faculty of Sports and Nutrition Kristiaan Hillen
Faculty of Business and Economics Tom Geul
Faculty of Digital Media and Creative Industries Jeroen Loerakker
Faculty of Health Ellis Hensen
Faculty of Technology Micha Uijterwijck

The following overview explains what the AUAS can or cannot see, according to Microsoft.


The AUAS can never see:

  • calls and browsing history,
  • email and SMS text messages,
  • contacts,
  • calendar,
  • passwords,
  • photos (including any photos saved in the Photos app or camera album),
  • files
  • location – your device location will never be visible to the AUAS, unless an iOS device was lost and is being restored under supervision. Consult the Apple iOS documentation for more information on devices under supervision.


The AUAS can always see:

  • device model (e.g. Google Pixel),
  • device manufacturer (e.g. Microsoft and Apple),
  • operating system and version (e.g. iOS 12.0.1),
  • list of apps and app names (e.g. Microsoft Word), (In the case of personal devices, the AUAS can only see managed apps. In the case of devices owned by the AUAS, all your apps will be visible.)
  • device owner,
  • device name,
  • device serial number,
  • IMEI,
  • telephone number – your full telephone number will be visible on all devices owned by the AUAS. You can check the ownership type for any device by opening the Device properties page,
  • device storage – if you are unable to install a required app, the AUAS can check your device to make sure that it still has enough storage space.

Source

  • The device is being encrypted.
  • For Windows and macOS, the recovery key is stored in the company portal where you, as an end user, can access it yourself.
  • With macOS, you get a new recovery key every 6 months. You won't notice it, and it's automatically updated in the corporate portal.
  • If you have Windows, your software will be upgraded to the most advanced version (Education). The action to take depends on the current version you have. Follow the instructions in the manuals.
  • You will need to reset your password and/or PIN, which must comply with the password policy of AUAS.
  • Your screen will be locked after 15 minutes of inactivity.
  • The AUAS will verify that your device meets the above security requirements.
  • After registration, the device is protected by ICT Services. This means that you no longer have to arrange things yourself, such as encryption, but ICT Services does it for you. In this way, your data and device are more secure.

No, your account remains intact and you remain the administrator of the workplace.

No, ICT Services can in no way take over the workstation, or watch from a distance.

The device was purchased by the AUAS and must also be managed by the AUAS. This requirement may affect your day-to-day activities. If device management cannot be transferred due to ongoing work, get in touch through servicedesk-icts@hva.nl

The project is being carried out in phases. As a result, we cannot offer everyone access at the same time. If you receive this notification, your account has not yet been activated for registration. Contact servicedesk-icts@hva.nl to get your account activated.

You must have secured the machine in order to use a Secure Self. The AUAS requires all users to register their device in order to ensure its security.

If you do not wish to take these security measures for any reason, please contact the person below at your faculty or service.

Faculteit or Service Contact:
FDMCI servicemanagement-fdmci@hva.nl

In the company portal you can see the status of your devices. This allows you to see whether a device complies with UvA policy. You can also reset your device yourself, and for macBooks you can view your FileVault key here. You can reach the company portal at: https://portal.manage.microsoft.com.

By the way, the program can be called differently for all operating systems: for Apple: Intune Bedrijfsportal, for Android: Microsoft Bedrijfsportal and for Windows: the Bedrijfsportal.

After registering your device you need to change the password of your device. Please note that this is not the password of your UvA account. The password must be changed to ensure that the local password also complies with UvA policy. The password is not synchronised to the cloud and the UvA cannot see it.

You remain responsible for updating your device. Registering the device in the Company Portal does not push any updates. If you do not update your device regularly, it may be that you are not safe, or that certain components no longer work properly. Therefore, make sure that you update your device regularly.

By registering your device in Intune / Company Portal, ICTS has the possibility to wipe your device if your device has disappeared or has been stolen. This way you can prevent unauthorized access to the data. To prevent that the device is accidentally wiped there are only a limited number of people within ICTS who can do this. We have agreed that it will only be done with the consent of the end user or owner of the device. TIP: Always make sure that you make a regular backup of your data, so that you don't lose everything in case something happens to your device.

Windows 7 en 8.1 en 10

If your device is not yet encrypted, this will be done automatically after registration and the digital recovery key will be saved in the company portal. You can retrieve the recovery key yourself via the company portal . If your device is already encrypted, the current recovery key remains valid. Do you no longer have this recovery key? Intune can get it from your system.

The device must have at least 8 GB remaining storage. If you cannot free up sufficient space yourself, contact servicedesk-icts@hva.nl.

Windows 10

You are probably running a Windows 10 Home edition. To check whether this fact is the case, go to 'Start', type 'winver' and click Enter. You can now see your current version. If you are presently running Windows 10 Home, follow the instructions for an upgrade to Windows 10 Education.

Have you already encrypted your device with Bitlocker? Then you don't have to remove the current encryption before installation. If you have used a different tool, it is necessary to disable the old encryption before starting the installation. If you don't do this, your device might not work properly.

Another device user has already registered in Intune, or the device is being added to AD Azure. To determine whether this situation is the case, go to Settings > Accounts > Access to work or university, and find a notification such as the following: 'Another user on the system is already connected to a work or school. Please remove that work or school connection and try again.' Having problems? Contact servicedesk-icts@hva.nl.

Upgrading from Windows Home-edition to Windows Education takes extra time because of additional Windows updates associated with the Windows Education version. Therefore, if the Home-edition was behind with updates, it may take longer.

MacOS

It is necessary to disable the old encryption before starting the registration. This may take some time, but you can keep using your computer at the same time. Then you start the registration in the Microsoft company portal. Go through the steps that enable encryption again. The recovery key is then saved in the company portal. If you do not remove the previous encryption and only do the registration, you will not be able to retrieve the recovery key and you will be responsible for saving it.

Click the 'Check settings' button to restart the confirmation process. The policy may not have been detected yet.

Click the 'Check settings' button to restart the confirmation process. The policy may not have been detected yet.

For both operating systems the security measures have to be implemented.

Securing your macOS is enough, you do not have to protect the (Windows) VM separately.

iOS

The device model that you are trying to register is not supported. Make sure that you are running iOS version 11 or higher. If this is not possible because the device is too old, it cannot be properly secured. The device must then be replaced. Contact your ICT contactperson or Faculty Information Manager.

It may be that your device is too old; you won't be able to download the latest software on it. In that case, the phone cannot be provided with the right security measures. Your phone needs to be replaced. Please, contact your ICT contactperson or Faculty Information Manager.

Android

Perhaps your operating system is not up to date. To install the app you must have Android version 4.4 and later. Check the version of your system and perform an update if necessary.

It may be that your device is too old; you won't be able to download the latest software on it. In that case, the phone cannot be provided with the right security measures. Your phone needs to be replaced. Please, contact your ICT contactperson or Faculty Information Manager.

Published by  ICT Services 21 September 2020