U-M faculty and staff are strongly encouraged to use computers and devices that are purchased, managed, and maintained by a central U-M IT service provider or their unit IT staff.
What "Self-Managed" Means
In some circumstances, faculty and staff may need to self-manage a UM-owned device because research or other work-related activities require unique applications, operating system versions or configurations, or the use of administrative-level user access to properly function. These requirements may differ significantly from the configurations provided by MiWorkspace and other managed-workstation programs.
In such circumstances, faculty and staff may be provided full administrative rights to self-manage their UM-owned computers or other devices. This may include the ability to:
- Install a new operating system.
- Reconfigure the existing system operating system, including changing security settings.
- Install or reconfigure software.
- Add or change user accounts, or similar or take similar privileged (administrator) actions.
Grant-Purchased Devices. Faculty and researchers frequently purchase computers and other devices from research grant funds or other external funding. Sometimes departmental IT staff manage these devices, but frequently they are self-managed by faculty and researchers (including graduate students working with them).
Your Responsibilities
Self-managed devices—particularly grant or research funded devices—may have a wide range of hardware, operating systems, and software configurations. Central IT service providers and unit IT staff cannot provide the same level of data protection, desktop support, and troubleshooting for those devices as provided to managed devices from U-M services, such as MiWorkspace.
Users with self-managed, UM-owned devices have the responsibility to limit unauthorized access to the device and any U-M data on it, and to troubleshoot, diagnose, and do repairs themselves. General responsibilities include:
- Complying with all U-M policies and standards, as well as regulatory and contractual obligations, for the type of data that is stored or accessed by the self-managed device.
- Updating the operating system, software, and endpoint protection.
- Turn on auto updating wherever possible.
- U-M provides CrowdStrike Falcon endpoint protection for university-owned computers. For details, contact your Security Unit Liaison (SUL).
- Adjusting settings for the operating system, software, applications, and antivirus appropriately.
- Protecting U-M networks by not connecting a device that is out of date to the network.
- Protecting devices that cannot be updated by not connecting them to a network.
For both of the last two bullets, your unit IT staff may be able to help you put safeguards in place, such as a private network or appropriate firewalls, if the device needs to connect to other devices.
Responsibilities and Expectations for Self-Managing U-M Devices provides a checklist of specific expectations and responsibilities that must be met.