Skip to content Skip to site navigation

Healthy Devices @ Stanford

Five complementary efforts are in progress to modernize devices used for Stanford work by September 2021.
Monday, March 15, 2021

More than ever, health is important to us—and this extends to the computers we use. Healthy devices are helpful devices without compromise. Blending convenience with security is our goal for this year. In this campus-wide effort, we’ve embarked on five complementary efforts slated for completion by September 2021:

  • Operating system upgrades
  • Passwordless logins
  • Modern device management
  • Advanced device protection
  • Modern email authentication

These improvements will be as automated as possible, but some will need your help along the way. In communications to you about these efforts in the coming months, we will highlight that each is a part of this broader modernization plan. Read on to see what you can expect. You can learn more about how to ensure your device is healthy by visiting Devices @ Stanford.

Infographic showing five initiatives for Healthy Devices @ Stanford. Described below.
Healthy Devices @ Stanford
  • Modern device management

  • ensures your device stays up-to-date and well-maintained, automatically.
  • Advanced device protection

  • defends against today’s sophisticated cyber threats.
  • Modern authentication

  • for Stanford email more fully protects your account from unauthorized access.
  • Passwordless logins

  • usher in a new era of safer and simpler computing. 
  • Operating system upgrades

  • keep devices running smoothly and securely.

Operating System (OS) Upgrades

Up-to-date operating systems are foundational to many of this year’s efforts. Staying current with software updates is an ongoing responsibility for each of us, and some Stanford devices have fallen behind. 

As of March 1, the minimum operating system versions are:

  • MacOS version 10.14 (“Mojave”)
  • iPhone / iPad version 12
  • Android version 9 (“Pie”)
  • Windows version 10

To protect our community and data, out-of-date devices may be blocked from accessing Stanford systems. For more information about system sunset dates, see https://sunset.stanford.edu.

Passwordless Logins

With Cardinal Key, we’re leaving passwords in the past and ushering in a new era of safer and simpler computing. More than 6,000 faculty, staff, and students are already using Cardinal Key, and our next step is to expand adoption to all university employees. By September 2021, Cardinal Key will be required for access to essential Stanford systems from employee devices.

It only takes a few minutes to configure each of your devices with Cardinal Key, then you’re set for five years. And with the new Cardinal Key installer for Mac and Windows, it’s easier than ever to get up and running.

Modern Device Management

Imagine that your device is configured and maintained for you without any intervention. Modern management systems provide a much cleaner way to configure and update devices. For Macs, we are taking advantage of these new capabilities with Jamf. Over time, Jamf will replace our current use of BigFix.

For Windows devices, we are in the process of selecting a Jamf-like tool. Stay tuned for more information.

If you do not handle High Risk Data, you continue to have the option to use an alternative to Jamf called VLRE. VLRE is a lightweight tool that monitors the security configuration of your laptop/desktop, but shifts the responsibility for configuration changes and software patching entirely to you.

Advanced Device Protection

Cyber threats have become increasingly sophisticated and pervasive, and our protection mechanisms need to be equally advanced. With CrowdStrike anti-malware, your laptops and desktops will be defended better than ever before. Since December, Crowdstrike has been deployed to more than 25,000 devices across Stanford and has already blocked numerous attacks.

For those who need a higher level of protection for their devices, we’ve recently launched the Cardinal Protect service. Cardinal Protect, an all-in-one solution that provides the most comprehensive protection we offer, can be purchased by subscription.

Modern Email Authentication

Stanford’s email is not yet fully protected by two-step authentication: webmail is, but the other access mechanisms are not. With modern authentication, the first time you access your Stanford email account from each of your devices, you’ll be prompted for two-step —similar to the way you log into your other Stanford accounts. This once per device prompt prevents anyone but you from accessing your Stanford email. To learn more about using two-step to secure email and why we’re making the change, visit the Modern Email Authentication webpage.

Exceptions

We recognize that there may be technical obstacles that prevent the adoption of these improvements on your device. For example, there may be a lab computer controlling expensive research equipment that runs special software which prevents upgrading the operating system. For these cases, we will continue to use our long-standing exception request mechanism: https://minsec-exception.stanford.edu

How We Work Today

In today’s connected world, information security is a shared responsibility. With your help, we’ll continue to make great strides in keeping Stanford devices healthy, so we can all work safely and effectively from wherever we are.

If you have questions or comments about our efforts, we want to hear them. Submit your feedback through the button below.

Related News

Learn More

Share Feedback

DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at uit.stanford.edu/search.