Research Security Requirements–Managed Laptops and Desktops


Overview

research security requirements banner

 

data classification navigation button secure mobile devices button

 

Managed Laptops and Desktops

Health Information & Technology Services (HITS) provides a variety of managed images for laptops and desktops to ensure a seamless connection to U-M systems while maintaining required information security standards. Managed images are customized versions of an operating system (such as Windows or macOS) that include standard software, built-in security features, and tools to simplify access to resources like network storage. These images help meet the minimum information security requirements by supporting key areas such as:

  • Access, Authentication, and Authorization Management
  • Encryption
  • Network Security
  • Security Log Collection, Analysis, and Retention
  • Third Party Vendor Security and Compliance
  • Vulnerability Management

Classic-CoreImage

HITS uses CoreImage to name its Michigan Medicine owned, centrally managed Microsoft Windows devices that are automatically configured with packaged applications and institutionally required security settings to provide a reliable, secure, and supportable computing environment--and is available in three modes: Standard, Flex, and Kiosk. Of these, Standard and Flex are the most commonly used in research settings.

CoreImage can only be installed on specific computer models due to engineering requirements. Approved models can be found in the IT Service Catalog at help.medicine.umich.edu under the Computers and Mobile Devices category.

Learn more about Classic-CoreImage and its features.

Standard Mode

Standard Mode is used in locations where users log directly into the Windows operating system to have a personalized experience for typical daily work, such as email, web browsing, and document creation.  This mode may be used when a device is assigned to just one person or in shared locations where users have lengthy sessions on the devices such as staff rooms. It features automated system updates and a scheduled start-up/shutdown cycle, reducing the need for manual maintenance.

 

 

Flex Mode

Flex Mode is intended for systems used in research instrumentation or long-running computations. To prevent interruptions, Flex Mode devices do not automatically reboot or shut down except for critical updates. However, users must still apply updates manually on a regular basis. If updates are not applied in a timely manner, the device will be disconnected from the network. Reconnection requires reimaging to ensure system integrity.

 

 

Kiosk Mode

Kiosk Mode is used in locations where users need a quick "walkup" encounter with the device and is primarily deployed in clinical environments. 

CoreMac/Izzy

CoreMac is the HITS-managed image for macOS devices and represents a Michigan Medicine–specific version of the campus MiWorkspace macOS environment, commonly referred to as Izzy. The terms “CoreMac” and “Izzy” are often used interchangeably.

CoreMac can be installed on any macOS device purchased through official U-M channels, such as the Tech Shop or Marketsite.

Devices purchased directly from the Apple Store must be actively supported by Apple and continue to receive vendor-provided security updates.

overview