Skip to main contentSkip to main navigationSkip to footer content

Mobile Application Management Policy

Policy Purpose

This policy defines the requirements, limitations, and responsibilities in which end users, with legitimate business purposes, are permitted to access University Microsoft 365 accounts using personal mobile devices.

Policy Statement

It shall be the policy of the University of Arkansas-Fort Smith to protect the university from unauthorized access or data exposure resulting from lost, stolen, or otherwise compromised mobile devices. This policy defines the mobile application management security controls needed to protect the university. The data described in this policy remains the property of the University and is required to be returned and/or removed from any persistent storage on mobile devices upon termination of
employment.

Applicability

This policy applies to all University employees, students, contracted employees, and any other authorized user who configures a mobile device for persistent access to a University Microsoft 365 account.

Definitions

Jailbreaking – Modifying Apple devices specifically to attain privileged control or administrator-level access to the device’s operating system.
Rooting – Modifying Android devices specifically to attain privileged control or administrator-level access to the device’s operating system.
Mobile device – Mobile devices are smartphone or tablet devices that typically run Apple iOS or Google Android mobile operating systems, among others. These portable devices include some form of internet connectivity (Wi-Fi and/or cellular) and are used to perform various functions such as reading and responding to emails, accessing university applications, and interacting with university data.
MAM – Mobile Application Management.
Mobile application protection policy – A MAM policy defined in Microsoft Intune that targets University Microsoft 365 accounts and applies security and data protection policies to mobile applications accessing data in those accounts.

Policy Procedure

Mobile devices will be permitted to access protected resources belonging to a University Microsoft 365 account if they meet the following criteria via the UAFS mobile application protection policy:
1. Encrypted device storage – The mobile device must have encryption enabled for internal persistent storage. This is required in order to protect stored information in the event of a mobile device being lost or stolen. Many devices are already encrypted by default or can have encryption enabled in the device settings.
2. Authentication – The mobile application accessing University data must be locked, requiring authentication before allowing access to data. This may be a PIN, gesture, passphrase, biometric authentication, or other secure authentication mechanism. This is required to help restrict unauthorized access to University resources and information.Mobile devices must not be Jailbroken or Rooted – The risks involved from jailbreaking or rooting mobile devices may introduce vulnerabilities and bypass protections put in place by the manufacturer
and/or the University.
3. Installation of the Intune Company Portal app (Android devices only) – This application enables the University to remotely manage mobile applications used to access University resources. This application will verify certain technical requirements, such as encryption or passcodes, are maintained on the device.
4. Only University managed applications will be allowed to share data to other University managed apps. Copy/paste functionality will also be restricted to only between policy managed apps. This will partition University data from other data on your device and ensure that a compromised device cannot access University data.
Employee Responsibilities - By adding your University Microsoft 365 account to mobile applications, you are also agreeing to the following:
1. When a user leaves the University, it is the responsibility of the user to remove all University data and accounts from their mobile devices. This includes email, Microsoft 365 documents, and any other data belonging to University accounts.
2. When a user leaves the University and does not remove their UAFS emails and accounts, the University ITS department may act to remotely remove the University’s data from the device.

Enforcement

The University leverages Microsoft Intune to establish technical controls that enable the capabilities for enforcing the requirements of this policy. 

Policy Management

This policy is managed by the IT department. The IT Director and appointed IT personnel are the primary administrators of this policy. The responsible executive is the VCFA.

Exclusions

UAFS Google accounts (g.uafs.edu) are outside the scope of the mobile application management policy.

Effective and Approved Date

This internal policy was approved by Terry Meadows – Director of IT/CIO on 1/25/2024

Last Updated

10/3/2025 – Reformatted for accessibility by Terry Meadows Director of IT/CIO