Secure Connect: Intune Mobile Device Management (MDM) Software
Learn more about how to use the Microsoft Intune MDM software.
UC San Diego has implemented the Secure Connect program to protect the safety and security of UC Systems. UC San Diego will use Microsoft Intune Mobile Device Management (MDM) software to streamline and automate the implementation of UC cybersecurity requirements on devices (e.g., computers and laptops) requiring access to trusted resources. The MDM solution allows us to protect UC Systems by automating the installation of security software, registering the device in our configuration management database (CMDB), and automating updates to ensure that devices remain compliant.
Important Consent Notice
Enrollment in Intune does not constitute consent under the Electronic Communications Policy.
Information security is of the utmost importance to UC San Diego and UC San Diego Health (collectively, “UC San Diego”). In an increasingly collaborative world that depends upon shared electronic information, every user shares responsibility for information security. This installation is required to protect user confidentiality; maintain the integrity of all data created, received, or collected by UC San Diego; to meet legal and regulatory requirements; and to ensure timely, efficient, and secure access to university trusted resources.
What Devices Are Affected?
Only devices that access trusted resources (via wired or UCSD-PROTECTED) will be required to enroll in Intune.
You are not required to enroll if:
- You only use the VPN, Eduroam or UCSD-GUEST networks
- You're only accessing services that are available through the internet, such as email, Canvas, Zoom, or other cloud-based tools.
Note: If your device is owned and managed by UC San Diego, your IT department will make sure your device is compliant.
How UC San Diego Intune MDM will be used
UC San Diego Intune MDM will be used to:
- Install and configure the use of a university signed and issued certificate to unambiguously identify and register the device in our CMDB
- Install and update university required security software (Qualys Vulnerability Management and Trellix Endpoint Detection & Response security software)
- Help your device meet the minimum requirements for accessing trusted resources
UC San Diego Intune MDM will not be used to:
- Access your personal applications, messages, emails, or call history
- Read or collect your personal files, photos, or browsing history
- Track your real-time location or collect GPS data
- View, modify, or delete personal apps on your device
- Monitor personal activity, keystrokes, or phone calls
- Perform a full device wipe on personally owned (BYOD) devices
Steps for Intune Enrollment to Access Trusted Resources
Only devices that access trusted resources (via wired, VPN, or UCSD-PROTECTED) will be required to enroll in Intune.
- Users with UC San Diego Owned Devices: If your device is already managed by your department's IT team, you don’t need to do anything—your IT team will handle enrollment for you. If you're unsure whether this applies to your device, please check with your department's IT support or your Unit Information Security Lead (UISL).
- Principal Investigators (PIs): Please complete the Intune Enrollment Intake Form (coming soon) to indicate your enrollment path preferences.
- All Other Users: If your device is not owned and managed by UC San Diego, please follow the Intune installation guide that corresponds to your device’s operating system.
Need IT Support?
Campus Service Desk
- Web portal: https://support.ucsd.edu/its
- Email: support@ucsd.edu
- Phone: (858) 246-4357
Health Service Desk
- Web portal: https://3help.ucsd.edu
- Email: 3help@health.ucsd.edu
- Phone: (619) 543-4357
Frequently Asked Questions
What operating system version do I need to install Intune?
- Windows devices: Windows 10/11 Pro or Enterprise editions
- macOS devices: macOS 13.x and later
Can I uninstall Intune? If so, how?
Yes! If you determine that you do not need to access UC San Diego trusted resources or you will be leaving the university, you can unenroll from and uninstall Intune Company Portal.
A step-by-step guide is available to assist you with this process:
- Secure Connect: Uninstall Intune Company Portal
- Note for Windows users: After uninstalling Intune, you may be prompted for a BitLocker recovery key when you restart your device. In order to ensure that you are able to unlock your device if you do receive this screen, we highly recommend following the instructions pertaining to BitLocker prior to removing your access from Intune.
If for any reason you are unable to unenroll from or uninstall Intune Company Portal, please reach out to IT Support:
Campus Service Desk
- Web portal: https://support.ucsd.edu/its
- Email: support@ucsd.edu
- Phone: (858) 246-4357
Health Service Desk
- Web portal: https://3help.ucsd.edu
- Email: 3help@health.ucsd.edu
- Phone: (619) 543-4357
How should I secure Intune Access? (Security Recommendations)
- Identity & Admin Hardening (MITRE ATT&CK: T1078, T1098; NIST CSF: AC)
  - Review and minimize Global Admin accounts:
    - Inventory all Global Admin / Intune Admin / Entra Admin accounts.
    - Enforce strict least privilege: use specialized admin roles instead of “Global Admin” wherever possible.
    - Implement multi admin approval for critical features (erase, reset, etc.).
  - Enforce strong MFA for all privileged accounts:
    - Prefer phishing-resistant methods (FIDO2 security keys, platform authenticators) where feasible.
    - Block legacy authentication and app passwords.
  - Conditional Access / Access Policies:
    - Require compliant / hybrid-joined devices and strong MFA for admin access.
    - Limit admin sign‑ins to known locations, devices, and admin workstations, where possible.
  - Monitoring & Alerting:
    - Enable and tune alerts for:
      - Creation, elevation, or modification of admin roles
      - Suspicious sign‑ins from atypical locations or devices
      - Mass changes to Intune policies or device actions
- Intune & Device Management Controls (MITRE ATT&CK: T1485 – Data Destruction; NIST CSF: PR.IP, PT)
  - Review Intune wipe capabilities and delegation:
    - Ensure that only tightly controlled roles can initiate:
      - Device Wipe / Factory Reset
      - Autopilot reset / Fresh Start
    - Implement approval workflows or at least out‑of‑band verification for bulk actions.
  - Segmentation of Device Management:
    - Separate BYOD from corporate devices in Intune:
      - Use different profiles or policies
      - Consider limiting what actions can be taken against BYOD devices versus corporate‑owned devices.
  - Logging & Audit:
    - Confirm that detailed logs of device actions are retained and monitored:
      - Who initiated wipe commands
      - When and against which device groups
    - Integrate Intune logs into your SIEM for correlation and anomaly detection.
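
The "mass changes to ... device actions" alert and the "who initiated wipe commands, when, and against which devices" audit points above can be expressed as a SIEM-side correlation rule. The following is an added example, not part of the original page and not UC San Diego's or Microsoft's code; the record fields (`time`, `actor`, `action`, `device_id`, `ownership`), the action names, and the thresholds are assumptions standing in for whatever normalized schema your SIEM uses for Intune audit data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical normalized action names; map your SIEM's Intune fields onto them.
DESTRUCTIVE = {"wipe", "factory_reset", "autopilot_reset", "fresh_start"}

def find_bulk_destructive_actions(events, threshold=3, window=timedelta(minutes=10)):
    """One alert per actor whose destructive actions reach `threshold`
    distinct devices inside any sliding `window`."""
    recent = defaultdict(deque)  # actor -> (time, device_id) pairs still in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in DESTRUCTIVE:
            continue
        q = recent[ev["actor"]]
        q.append((ev["time"], ev["device_id"]))
        while ev["time"] - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        devices = {dev for _, dev in q}
        if len(devices) >= threshold:
            alert = alerts.setdefault(ev["actor"], {
                "actor": ev["actor"], "first_seen": q[0][0], "devices": set()})
            alert["devices"] |= devices
            alert["last_seen"] = ev["time"]
    return sorted(alerts.values(), key=lambda a: a["first_seen"])

def byod_destructive_actions(events):
    """Any destructive action against a personally owned device, however few."""
    return [e for e in events
            if e["action"] in DESTRUCTIVE and e.get("ownership") == "personal"]

def _ev(time, actor, action, device_id, ownership="corporate"):
    return {"time": datetime.fromisoformat(time), "actor": actor,
            "action": action, "device_id": device_id, "ownership": ownership}

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    _ev("2025-01-15T09:00:00", "helpdesk1@example.edu", "wipe", "dev-001"),
    _ev("2025-01-15T13:30:00", "helpdesk1@example.edu", "wipe", "dev-002", "personal"),
    _ev("2025-01-15T02:14:05", "admin7@example.edu", "wipe", "dev-101"),
    _ev("2025-01-15T02:14:40", "admin7@example.edu", "factory_reset", "dev-102"),
    _ev("2025-01-15T02:15:10", "admin7@example.edu", "sync", "dev-103"),
    _ev("2025-01-15T02:16:30", "admin7@example.edu", "wipe", "dev-104"),
    _ev("2025-01-15T02:17:00", "admin7@example.edu", "wipe", "dev-105"),
]

if __name__ == "__main__":
    for a in find_bulk_destructive_actions(SAMPLE_EVENTS):
        print(a["actor"], sorted(a["devices"]), a["first_seen"], a["last_seen"])
    print("BYOD:", [(e["actor"], e["device_id"]) for e in byod_destructive_actions(SAMPLE_EVENTS)])
```

Counting distinct devices rather than raw events keeps retries against one device from triggering the bulk alert, while the BYOD check fires on a single event because the page treats destructive actions on personal devices as out of policy.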