How to "Bring Your Own Device" (BYOD) into Compliance

Posted on
Updated on

April 22, 2024

This guide contains helpful information on bringing your BYOD device into compliance with security requirements of the Mass General Brigham network.

Requirements

  • Security Software: AntiVirus, Encryption and ForeScout SecureConnector
  • Eligible Devices:
    • Windows 10 or above (no home edition)
    • MacOS 12 or above

Support will not be provided for devices older than 5 years. 

Windows

AntiVirus

Windows Defender Antivirus is recommend and is built-in to computers running Windows 10 computers.

To turn on Windows Defender Antivirus real-time protection for computers.

  1. Open Windows Defender Security Center
  2. Go to Virus & Threat Protection > Threat Settings
  3. Turn on Real-time Protection

Download Antivirus from Microsoft

Encryption

Microsoft BitLocker and McAfee Drive Encryption are approved methods of encryption. Check to make sure the device is encrypted by following the steps below.

BitLocker

  1. Open My Computer
  2. Look for a closed lock icon on the C: drive.
  3. If not encrypted, turn on BitLocker Drive Encryption:

    1. Start > Control Panel > System and Security
    2. Click BitLocker Drive Encryption
    3. Click Turn on BitLocker

McAfee

  1. Right-click the McAfee Shield icon in the lower right corner of your computer.
    • If there is no McAfee icon, open a Service Desk ticket.
  2. Click Quick Settings
  3. Click Show Endpoint Encryption Status

    1. If status is Active, the device is encrypted.
    2. If status is Inactive, open a Service Desk ticket.

SecureConnector

Network Access Control (NAC) checks a device for compliance before allowing access to the MGB network.

MGB uses ForeScout SecureConnector which checks the device for compliance for encryption, antivirus software, and patches

Installation instructions can be found at: https://rc.partners.org/secureconnector

MacOS

Enroll in Partners Enterprise Apple Support (PEAS) to enable encryption and obtain access to Self Service.

  1. Enroll in PEAS: KB0034657
  2. Once enrolled, restart your device to enable FileVault 2 encryption
  3. ForeScout and CrowdStrike Falcon AntiVirus will download automatically to your computer. If you want you can install yourself prior to that by opening your Applications folder > Launch Self Service

    1. Install ForeScout SecureConnector
    2. Install CrowdStrike Falcon AntiVirus

Device Operating System (OS) Compliance Requirements

Technology Depot: Self Service Options

Difference between Standard, Non-Standard and Macintoch Computers

Encryption requirement for Windows Devices

Go to KB0033785 in the IS Service Desk

Related articles