Required Software

Learn more about Microsoft Intune MDM, Trellix EDR and Qualys VM softwares as they relate to the Secure Connect program.

As part of the University of California's systemwide effort to enhance cybersecurity, UC San Diego has implemented the Secure Connect program to meet the minimum security outcomes set by UC President Drake and the UC Regents. 

Two key outcomes of this initiative are:

• The identification, tracking, and vulnerability management (VM) of all computing devices connected to university networks
• The deployment and management of UC-approved Endpoint Detection and Response (EDR) software on 100% of assets. 

We want to acknowledge that while cybersecurity is a shared responsibility, our approach was designed specifically to balance security while minimizing burden on staff and faculty, and to proceed with transparency and a focus on individual privacy. Any data collected by the necessary software is considered an electronic communications record as defined by the University of California's Electronic Communications Policy (ECP).

Network Access Control (NAC)

UC San Diego is implementing NAC to ensure that only secure, compliant devices can connect to trusted university resources. This phased rollout, specifically tailored for our campus, supports a UC-wide cybersecurity mandate and prioritizes user experience, privacy, and operational continuity. 

In most cases UC San Diego will be utilizing Microsoft Intune Mobile Device Management (MDM) to deploy the following required security softwares: Trellix for EDR, and Qualys for VM. These tools will work together to safeguard access to UC San Diego's trusted resources.

We understand that not all endpoints will be able to comply with these new cybersecurity requirements. To support the diverse and ever changing needs of the university, an Exception Process is available for users who require access to trusted resources but whose endpoint(s) are unable to meet University cybersecurity requirements.

What’s Changing? 

To connect to trusted resources through UCSD-PROTECTED Wi-Fi, campus Virtual Private Network (VPN), or most Wired networks, your device must meet a set of mandated security standards. 

• Managed devices (overseen by a designated Unit Information Security Lead) will be handled by the local IT teams. Unless you hear otherwise from your IT support staff, no action is required. 
• Unmanaged (personal or self-managed) devices will require installation of Microsoft Intune or obtaining an approved exception. Microsoft Intune will automate steps required to meet mandated security standards. Learn more about Microsoft Intune and how it will be used. 
• Mobile devices including tablets are out of scope of this effort. 

What’s a trusted resource and do I need it to do my job?

• Any IT resource (systems, database, equipment, etc.) that is not accessible from off-campus, without connecting to the VPN first, is considered a trusted resource. 
• Most business applications, instructional systems, productivity software and collaboration tools do not require access to trusted resources. E.g. Zoom, Microsoft Teams, Google Workspace, UCPath, Canvas, Kuali Research, OneDrive, etc.  
• Library resources are now available via Single Sign-on (SSO) and no longer require the VPN. 
• Local printers will be accessible, if configured, from Eduroam Wireless. Intune enrollment is not required. 

What to expect for devices connected via UCSD-PROTECTED Wireless and VPN

• To minimize disruption and ensure adequate and timely support for our users, Network Access Control will be enabled in phases beginning with UCSD-PROTECTED Wireless for all academics and staff (excluding students and student employees), starting in May 2025. 
• IT Services, in collaboration with a variety of IT groups across campus, is leading the way in adopting this solution, to help ensure a smooth transition for the rest of the university. We’re grateful for these partners and the early adopters joining us in this important step forward. 

NAC Phased Enforcement Schedule 

Phase 1 – Starting May 27, 2025

• ITS-Supported Areas 
• UC San Diego Health Sciences 
• SDSC IT 2 
• OEC IT (enforcement will begin on June 3) 

Phase 2 - Starting June 17, 2025

• Extended Studies 
• SPS IT 
• Social Sciences 
• Arts & Humanities 
• Global Policy & Strategy 

Phase 3 - Starting July 1, 2025

• San Diego Supercomputer Center 
• Scripps Institution of Oceanography  
• Preuss IT

Phase 4 - Starting July 15, 2025

• Rady School of Management  
• Biological Sciences  
• School of Computing, Information & Data Science (incl. HDSI)  
• Physical Sciences (5 depts) 
• Qualcomm Institute / CalIT2 
• Jacobs School of Engineering (7 depts) 
• Preuss School  
• The Library

What to expect once enforcement begins

• Once the enforcement phase begins and Intune enrollment is enabled, users with unmanaged devices, who require access to trusted resources but are not yet compliant will be redirected to enroll in Microsoft Intune. 
• Users who require access to trusted resources but cannot enroll in Microsoft Intune will be given the option to contact support and/or file an exception for review. 
• Upon successful enrollment in Intune or with an approved exception on file, users will be able to access trusted resources through the UCSD-PROTECTED wireless network.

What to expect for devices connected via the Wired Network

• Devices connected via the Wired Network will be handled on a lab-by-lab basis, to reflect the unique needs of our research enterprise.  
• Each unit will reach out to their faculty and researchers separately to schedule time to onboard their lab.
• Once an individual lab is prepared and the readiness sign-off has been completed by the responsible faculty or researcher and submitted to the UISL, Network Access Control for the physical location will be enabled. 

What can I do now to prepare for this change?

• If you have an unmanaged device that requires access to trusted resources on UCSD-PROTECTED Wireless, you can prepare for this change by enrolling in Microsoft Intune ahead of your scheduled go-live. You will receive a notification once your account is enabled for enrollment. 
• If you have an unmanaged device that you know cannot enroll in Microsoft Intune and you require an exception, please reach out to your Unit Information Security Lead (UISL) before the enforcement date of your unit.