Thursday, March 10, 2016 -
9:00am to 10:30am

Location Details: 

Information Technology Dept.
Room 208V
4201 Normandy Street North
Bismarck, ND 58503

Meeting Agenda:

  • Updates and News
  • Mobile Phone OWA
  • PC Life Cycle Guideline
  • Open Discussion

 

Meeting Recap:

News and Updates
  • ITD continues to work on an Enterprise service for a Remote Support Tool. Some ITD Desktop Support staff are now using the tool and have been very pleased with the features. Others teams within ITD have expressed interest in the tool as well and more licenses will probably be procured. At least four other agencies are also interested, representing another nine possible licenses.
OWA for Devices
  • Since the update to Exchange 2013, all new Exchange accounts have been created with the OWA for Devices features disabled. This is the same service policy as having ActiveSync disabled on accounts until a WMS is submitted for an account to have ActiveSync enabled. All existing accounts currently have OWA for Devices enabled, which is in contrast to the ActiveSync setting. To ensure both settings are applied consistently, ITD is considering disabling OWA for Devices on all existing accounts, and then enabling ActiveSync and OWA for Devices only when a WMS is submitted. The Technology Architecture team felt this was good practice and since only 7 users appear to be using it, would be easy to coordinate.
  • The group also discussed the OWA for iOS and Android (Microsoft) mobile app, which uses Exchange web services to sync an Exchange account via OWA for Devices. This combination does apply the ActiveSync policies to the containerized mobile app, and has the advantage of only wiping the app’s contents on a remote wipe instead of the whole device. A potential risk with that feature is that the mobile user could store attachments in the personal storage of the device that would then remain on the device after a remote wipe. When accessing webmail.state.nd.us with a mobile device, users may see a prompt to try Microsoft’s OWA app. More research will be needed to determine of other risks or concerns exist with OWA for Devices.
  • Also discussed was Outlook for iOS and Android, which differs in that it uses ActiveSync instead of OWA. This does force the PIN policy to the device but not the 10-attempt Lock or Remote Wipe policies. There is also concern that the product, which relies on an external server to manage the push/pull between Exchange and the mobile app, would be caching email and credentials in an un-approved location. This app will require further research but appears to be a security risk that will need addressing.
  • While on the topic of email, there was brief discussion about Outlook Anywhere, which uses HTTPS instead of VPN to access Exchange. ITD may look into it further but it is not a priority.
PC Life Cycle Guideline
  • After reviewing this guideline at a previous meeting, there were questions about whether it should include guidance on Printer Life Cycles as well as PCs. Further research shows that printer ‘life’ is based on Duty Cycle, typically pages per month, not on time. Personal printers typically handle a few thousand pages a month, while workgroup and enterprise-class models can exceed 100,000 pages per month. Heat, humidity, dust and vibration are also factors. So there appears to be no clear way to provide guidance to agencies on Printer Life Cycle. The Biggest concern the group has is that the older the printer is, the more likely it is to no longer receive firmware updates that would ensure it remains secure. This is a bigger problem with first generation ‘smart’ printers or printers with storage that cache documents, since those are now coming to end of life and may no longer be supported.
Future topics/open discussion
  • Open Discussion resulted in a question asking if anyone in the group had tested or used Windows Nano or Windows Server Core. ITD has begun testing Nano and is intrigued by some of the possibilities it offers. More to come.