Hardware
ITS recommends purchasing computers from the following approved vendors:
- Windows: Dell, CDW, Patriot Tech
- Apple: Apple e-commerce, CDW, Patriot Tech
See ITS-Approved Computer Hardware Standards for Faculty & Staff for preselected models that ITS can best support for all Mason services.
Operating System
All Computers must be running a supported operating system (OS) from its vendor. The OS must be patched to the latest version. Systems found not running a supported OS will be removed and blocked from accessing the Mason network.
Software
ITS supports a wide array of business and academic software. Please visit this site for a comprehensive list of supported software and services. The following is the standard software load:
- Adobe Acrobat Reader
- Google Chrome
- Microsoft Defender
- Microsoft Office
- Microsoft OneDrive
- Mozilla Firefox
- VideoLAN VLC
- Zoom desktop app
Additional software can be installed via the Company Portal app on a Windows endpoint or Mason Self Service on a Mac endpoint. All third-party software must be updated with the latest security updates. ITS provides automatic third-party patching for the most common applications. All software installed on Mason endpoints must be approved by the Architecture Standards Review Board.
Security
All Mason endpoint computers are required to be centrally managed. This is achieved for PCs through Mason’s Active Directory (AD) environment or through JAMF for Mac systems.
ITS has developed and approved an endpoint security baseline that closely follows NIST-800 recommendation. This baseline will automatically be applied to all managed systems through the associated management platform. To ensure systems are secure when left unattended, all systems will lock automatically after 15 minutes of inactivity from the end user.
Mason endpoints are required to have Microsoft Defender ATP and Cisco Umbrella installed. These are installed and configured by ITS. These applications provide antivirus, firewall, and additional protection against malicious software. For additional information see Microsoft Defender.
Endpoint permissions for PCs are managed via AD groups. This includes both login permissions and administrative permissions. These are assigned by departmental IT points of contact. Permissions for Mac systems are managed on a per system basis.
Microsoft Defender
Microsoft Defender Advanced Threat Protection (ATP) antivirus software is available for all Mason-owned Windows and Mac devices managed in MESA or Jamf.
- Always-on scanning using file and process behavior monitoring and other real-time protection
- Discovers vulnerabilities and misconfigurations in real-time without the need for agents or periodic scans
- Detects and blocks apps that are deemed unsafe, but may not be detected as malware
- Eliminates risky or unnecessary attack vectors (paths hackers use to gain unauthorized access) and restricts dangerous code from running
- Leverages artificial intelligence to automatically investigate alerts and remediate complex threats
- Uses behavior-based machine learning to identify suspicious activity and advanced attack techniques
- Cloud-delivered protection that includes near-instant detection and blocking of new and emerging threats
- Regularly updates to keep antivirus up-to-date
Microsoft Defender ATP is available to Mason-owned Windows or Mac systems managed through MESA or Jamf. Unmanaged Mason-owned systems will need to be managed in order to receive the updated antivirus protection.
Data
ITS recommends the use of OneDrive for the protection of data. Common folders can be redirected to OneDrive to simply this process. For additional information see OneDrive (work or school).
Support
ITS provides a wide array of support through self-service, remote assistance, or from a desk side technician. ITS uses BeyondTrust Remote Access to provide remote assistance to end-users. The BeyondTrust software is only installed during an active support session and is removed upon completion. For additional information see BeyondTrust.