¶ Desktops and Laptops
¶ MGB Documentation
- MGB Research Computing Network Access Control
- MGB Research Computing Secure Your Computer
- MGB Research Computing BYOD Compliance
¶ Elements of Compliance
- Supported Operating System
- Device Management
- Encryption
- AntiVirus
- Endpoint Agent
¶ Supported Operating System
MGB requires that all devices run a supported OS. Devices that can no longer run a supported OS will have to be retired or replaced. These devices will likely be blocked from the MGB network.
If you have a device, especially those connected to lab instrumentation, that cannot be upgraded please contact Computer Services for help. If we cannot find a solution then you may need to go through an exemption / variance process with an MGB site security officer.
¶ macOS Onboarding
¶ Device Management - Corporate Purchased Devices
The Company Portal app is where you'll enroll your device into Intune, the compliance software MGB uses for MacOS. You can download it below.
After enrollment is complete you'll need to change the password to your computer.
Navigate to System Preferences > General > Device Management. Double click on the downloaded profile.
Install using your computer password.
¶ Device Management - Personal Devices
After installing Intune, you'll need to have your device manually moved into our Molbio group. Please reach out to Computer Services for assistance with this.
¶ AntiVirus
ClamXAV should be automatically pushed to your device once it's been added to the Molbio group. If not, its available in Company Portal. Look for ClamXAV under Apps.
¶ Endpoint Agent
Crowdstrike is required by MGB for compliance. Crowdstrike should be automatically installed when you enroll in Intune. Check for it in your device's Application folder. If it's not installed, you can do so through Company Portal.
¶ Threatdown
Threatdown should be automatically installed when your device is moved into the Molbio group. You can verify it's installed by checking for the logo on the top of your screen. Check with Computer Services if you don't have Threatdown installed.
¶ Windows Onboarding
Windows includes Windows Defender Antivirus which is sufficient for compliance.
¶ Device Management
Press the Windows key and search for the System Information utility. Open System Information to determine what OS your system has.
Contact Computer Services if you don't have Windows 11 Pro. We'll need to upgrade your device.
Press the Windows key and search for the Settings utility. Open Settings.
Click the Accounts sidebar in Settings and navigate to Access work or school.
If your device is connected to our domain then you will have an entry similar to the one below. Your device is already enrolled and you can stop here.
You'll have to click on the connect button to enroll in our domain. You will need your @molbio-research.net credentials during this process.
Navigate through the normal login process. You'll then see a couple of windows related to registering with our domain. If you are told you are all set, then you're all set!
If you encounter an error please let us know. The one shown below is the most common. It indicates that you're missing a license which we can provision for you.
¶ Encryption
¶ Check Bitlocker
¶ Enable Bitlocker
Please contact Computer Services if you don't have a TPM chip.
You should be all set. You can check the encryption status in the Bitlocker Menu or by hovering over the iron in your system tray.
¶ Endpoint Agent
Crowdstrike is required by MGB for compliance. Malwarebytes Threatdown is not required but often handles remediation better than Crowdstrike.
- MGB Research Computing Crowdstrike Installer and Instructions
- MGB Dropbox Malwarebytes Threatdown Installer.
¶ Linux Onboarding
There currently aren't any compliance requirements for Linux devices. If applicable, you are responsible for securing any sensitive or privileged information on a Linux computer.
Contact Computer Services if you think you should secure your Linux device. We can help you encrypt your computer and install Crowdstrike.