¶ Desktops and Laptops
¶ MGB Documentation
- MGB Research Computing Network Access Control
- MGB Research Computing Secure Your Computer
- MGB Research Computing BYOD Compliance
¶ Elements of Compliance
- Supported Operating System
- Device Management
- Encryption
- AntiVirus
- Endpoint Agent
- NAC Agent
¶ Supported Operating System
MGB requires that all devices run a supported OS. Devices that can no longer run a supported OS will have to be retired or replaced. These devices will likely be blocked from the MGB network.
If you have a device, especially those connected to lab instrumentation, that cannot be upgraded please contact Computer Services for help. If we cannot find a solution then you may need to go through an exemption / variance process with an MGB site security officer.
¶ macOS Onboarding
Some elements of compliance are handled by PEAS after enrollment. PEAS will push Forescout (NAC Agent) to your device and prompt you to encrypt your computer during the next reboot.
Policies in Self Service are dynamically scoped out of your view if you already have that content. So, if an application is already installed then the policy will not be visible to you in Self Service.
¶ Device Management
Download MGB's MDM profile. Go to Settings > Device Management to install the profile. You'll need your computer password. After installation a number of Profiles should be present.
After a few minutes you should find the Self Service app in your Applications folder. Launch Self Service.
Use your MGB username and password at the Self Service authentication page.
Run the MGH Molecular Biology Enrollment policy in the Site Enrollment tab. Your device is enrolled.
¶ AntiVirus
ClamXAV is available in Self Service. Look for the ClamXAV policy in Applications.
¶ Endpoint Agent
Crowdstrike is required by MGB for compliance. Malwarebytes ThreatDown is not required but often handles remediation better than Crowdstrike. Both Crowdstrike and Malwarebytes are available in Self Service.
Look for the Crowstrike Falcon Sensor policy in Partners Resources.
Look for the Malwarebytes Enterprise policy in Applications.
¶ Windows Onboarding
Windows includes Windows Defender Antivirus which is sufficient for compliance.
¶ Device Management
Press the Windows key and search for the System Information utility. Open System Information to determine what OS your system has.
Contact Computer Services if you don't have Windows 11 Pro. We'll need to upgrade your device.
Press the Windows key and search for the Settings utility. Open Settings.
Click the Accounts sidebar in Settings and navigate to Access work or school.
If your device is connected to our domain then you will have an entry similar to the one below. Your device is already enrolled and you can stop here.
You'll have to click on the connect button to enroll in our domain. You will need your @molbio-research.net credentials during this process.
Navigate through the normal login process. You'll then see a couple of windows related to registering with our domain. If you are told you are all set, then you're all set!
If you encounter an error please let us know. The one shown below is the most common. It indicates that you're missing a license which we can provision for you.
¶ Encryption
¶ Check Bitlocker
¶ Enable Bitlocker
Please contact Computer Services if you don't have a TPM chip.
You should be all set. You can check the encryption status in the Bitlocker Menu or by hovering over the iron in your system tray.
¶ Endpoint Agent
Crowdstrike is required by MGB for compliance. Malwarebytes Threatdown is not required but often handles remediation better than Crowdstrike.
- MGB Research Computing Crowdstrike Installer and Instructions
- MGB Dropbox Malwarebytes Threatdown Installer.
¶ Forescout SecureConnector
MGB has provided links for the 32bit and 64bit versions of their NAC agent. You most likely need the 64bit version. Download the appropriate installer and hit run.
¶ Linux Onboarding
There currently aren't any compliance requirements for Linux devices. If applicable, you are responsible for securing any sensitive or privileged information on a Linux computer.
Contact Computer Services if you think you should secure your Linux device. We can help you encrypt your computer and install Crowdstrike.