Meeting the minimum expectations below protects U-M and your personal data.
U-M Data on Personal Windows Computers
If you are permitted to access or maintain sensitive institutional data using your personal device, you must meet the minimum expectations below. See Your Responsibilities for Protecting University Data When Using Your Own Devices for a complete list of your responsibilities when using your own devices to work with sensitive U-M data.
Store and share sensitive university data using only approved services. Be aware that personal storage services should not be used to store sensitive university data or information relating to university business. Many Microsoft applications let you share files using OneDrive (Microsoft cloud storage). Do not use your personal OneDrive to store sensitive university data.
Check the Sensitive Data Guide for services approved for use with specific sensitive data types to be sure you are in compliance with U-M guidelines for sensitive data.
If you travel outside of the U.S., be aware certain types of sensitive data cannot be accessed or maintained outside the country. There are legal restrictions on certain sensitive data types, such as Export Control, HIPAA, and FISMA. See the Sensitive Data Guide for details.
Report IT Security Incidents
- Require a password for access. Follow these guidelines for a strong password. See Windows: Change your Windows password for instructions for changing your Windows password.
- Set your screensaver and require a password to unlock it. Set the screensaver to activate after 15 or fewer minutes of inactivity. See Change your screensaver settings for instructions.
- Review privacy settings and limit sharing to the minimum needed. For Windows 10, see Microsoft's Windows 10 and privacy and ZDNet's How to secure Windows 10: The paranoid's guide. For other versions of Windows, do an Internet search for "privacy" and your Windows version.
- Install and use antivirus software, endpoint protection, and anti-malware software. See Antivirus for Personal Computers for recommendations and links.
- Use Windows Firewall, normally turned on by default. See Turn Windows Defender Firewall On or Off. If you purchased a different antivirus and/or security program with its own firewall that you use instead, that's okay. Make sure that the firewall and antivirus protection are turned on and that the software is regularly updated. We recommend that you use only one security program.
- Use Windows Defender antivirus protection (built in to Windows 10).
- Use automatic updates to keep your version of Windows updated. You can set active hours in Windows to prevent restarts during times you are working.
- Use BitLocker Drive Encryption (for laptops) to encrypt your computer's hard drive. BitLocker encryption is included in Windows. See Encrypt Your Data and Devices for guidance on using encryption. Search Microsoft Support for instructions for your version of Windows.
- Use a Secure Internet Connection. Avoid public and "free" WiFi if possible.
- Use the U-M VPN if using untrusted wireless networks. Be sure to choose the right profile for your campus or affiliation. Untrusted wireless networks include guest wireless in a hotel or coffee shop or other "free" wireless.
- Turn off unused connections like Wi-Fi and Bluetooth when you're not using them.
- Review WiFi sharing settings and limit sharing to the minimum needed. Be aware that Wi-Fi Sense in Windows 10 may share access to your networks with others and connect you to open networks automatically. Do not use the Express settings. Customize your settings and uncheck the options you don't want. See the Microsoft Wi‑Fi Sense FAQ.
- Keep your Windows operating system updated. Turn on automatic updates and only use supported versions of Windows. Avoid versions which no longer receive updates from Microsoft. For details, see Microsoft's Windows Update: FAQ.
- Keep your applications updated to take advantage of security updates and other improvements.
- Only install applications from reputable software providers.
- Back up your data. Always keep a backup copy of files you do not wish to lose to protect against hardware damage, theft, loss, and malware. Remember not to back up university data you work with on your personal storage services if you use a service to backup your computer.
Securely Dispose of Your Windows Device
Before you dispose of, sell, or give away your device, back up your data and erase all contents and settings to protect you and U-M. See Erase Personal Devices Before Disposal for details.
Detailed Security Instructions for Windows
Microsoft offers more detailed Windows security info and instructions:
Additional Best Practices
Consider these additional options for enhanced security and privacy for your computer and the data maintained on or accessed from it.
- Choose web browser security settings that protect your privacy and enhance security.
- Be safe online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more.
- Register your devices with the U-M Police Department. Free laptop and personal electronics registration is available to members of the U-M community to deter theft and assist in the recovery of stolen property.
- Add your name and contact information to a sticker or label on the computer. This low-tech, practical step enables somebody to contact you if they find your lost computer.
- Travel safely with technology. Take precautions when you are away from home to protect your privacy and the university's sensitive data.
U-M Policies and Standards
- Responsible Use of Information Resources (SPG 601.07)
- Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33)
- Unit-Specific Requirements for Self-Management of Personally Owned Devices that Access Sensitive Institutional Data (DS-07)
- Tech Tools: Cell Phones and Portable Electronic Resources (SPG 514.04)