N. C. A&T Enterprise Endpoint Management (EEM) Project

N.C. A&T operates a campus network to facilitate its mission and operations. The security of this network is of paramount importance to protect the university, its information resources, and its brand and reputation, as well as to comply with regulatory and contractual obligations.  

User endpoints such as desktops and laptops are included in the campus network. Currently, the university lacks many basic processes to manage these endpoints, which leaves them open to vulnerabilities such as malware delivered via email and access by legitimate but unauthorized individuals. These vulnerabilities expose the campus network to modern issues such as ransomware and can create targets that attackers can exploit to gain access to university data.  

The university must have a comprehensive set of processes to manage user endpoints in all stages: acquisition and distribution, inventory and maintenance, and upgrade and disposal. This project will place all university-owned Windows endpoints in the ncat.edu domain and in our enterprise Microsoft endpoint management system. It will provide a secure baseline configuration for all endpoints, as well as a consistent process for managing security and patch updates. 

The primary objectives of this project are to implement an endpoint management program and establish an asset inventory process. The project is scheduled to be completed by the end of FY22 beginning with Information Technology Services followed by administrative divisions and then colleges. ITS will communicate with the appropriate division heads and deans to arrange appointments for their respective areas. 

Objectives: 

  1. To automatically update and patch university-owned Windows endpoints to include anti-malware software.
  2. To remotely install applications on university-owned Windows endpoints without requiring manual intervention by a technician or requiring administrative privileges.
  3. To apply an appropriate and secure configuration for all university-owned Windows endpoints.
  4. To identify and track university-owned Windows endpoints remotely on the network.
  5. To enroll all university-owned Windows endpoints in the ncat.edu domain.
  6. To upgrade all university-owned Windows endpoints to a currently supported version of the Windows operating system.
  7. To tag all university-owned endpoints with an ITS resource label for identification purposes.
  8. To collect basic inventory data on all university owned endpoints, such as the department and individual to whom the endpoint is assigned and its location.
The Enterprise Endpoint Management Project aligns with many cyber hygiene objectives to provide a secure configuration and a consistent process for managing security and patch updates. Cyber hygiene is a set of established practices for ensuring the security of critical data and networks. Examples of cyber hygiene best practices are listed below.
  • Perform regular security updates: patching devices and software is critical for resolving vulnerabilities and minimizing risk of university resources.
  • Perform automatic updates of anti-virus and anti-malware software: apply automatic updates to reduce exposure to vulnerabilities such as ransomware. 
  • Collect asset inventory: establish and maintain an inventory of all hardware and software on the university network.  
  • Implement strong authentication policies: enforce complex passwords and multi-factor authentication (MFA).  
  • Automate installation of software: minimize the need for administrative privileges or technician intervention.