With the support and direction from Michigan Medicine executive leaders, HITS has been asked to make changes to how our employees, affiliates, and learners access and use Michigan Medicine email. These changes are in response to the increased sophistication, impact, and frequency of digital security events in our environment, all of which can be attributed to how we access and use email today.

What’s changing:  

Access to Michigan Medicine Email: Beginning September 25, access to Michigan Medicine email will be limited to managed devices. Individuals who need access to email from an unmanaged device can use Windows Virtual Desktop (WVD) or Outlook Virtual App as an alternative . 

*Please see the Device Impact Summary below for specific details on impact to managed devices. 

Q: Why are we making this change?

A: Over the past several years, U-M has notified tens of thousands of patients about cybersecurity events involving their health or personal information. Cybersecurity events in 2022, 2023 and 2024 exposed additional patient records, creating regulatory, legal, reputational, and financial risks. These events are attributable to how we access and use email today, emphasizing the urgent need for changes in how we securely access and use email. 

Managed devices are secured by Michigan Medicine, and therefore less vulnerable to cyber-attacks via email.  These email attacks are only increasing in sophistication, frequency, and efficacy. 

Q: What is the impact to managed devices?

A: Managed devices provided by HITS, including CoreImage, CoreMac, Flex, and mobile devices enrolled in Intune will continue to have access to email. You may be presented with additional prompts to accept a certificate when logging in to email. We expect little to no impact for these devices.

MiWorkspace devices supported by ITS, will continue to have access to email via the Outlook client and office.com. You may be presented with additional prompts to accept a certificate when logging in to email. 

MiWorkspace PaaS units who require access to Michigan Medicine email from these devices will require an additional certificate to be deployed. Please see the Device Impact Summary for further details.

Individuals who require access to email from an unmanaged device can use Windows Virtual Desktop (WVD).

Q: Will I still be able to get email on my mobile device?

A: Yes, mobile devices enrolled in Intune, Michigan Medicine’s mobile device management platform, will be able to access email via the Outlook application on their mobile phone. 

Q: How are research devices impacted?

A: At this time managed research devices (Windows & Linux) that are not running CoreImage standard or flex modes will need to access email using WVD or from another managed device. We are working to bring research devices in parity with our other managed device services. These devices will continue to have access to required tools such as SharePoint, OneDrive, and Excel and our customers should have access through their primary devices for email and other business productivity applications. 

Q: How do I know if I have a managed device?

A: All HITS managed computing devices are assigned a unique eight-character name (aka, Device Name/TermID) that can often be found on a physical sticker attached to the device. If there is no sticker or tag, check the device’s settings. Visit the HITS Managed Computing Service site for more information on Managed Devices.  

Q: How do I find out if I have a managed device:  

A: Follow these steps: 

• Laptops and Desktops: Support documentation (MM Help Center). 

• Mobile devices: If your mobile device is enrolled and Intune (look for the CompPortal app) and you currently use the Outlook app to access email today, your device is already enrolled in Intune. 

Q: What do I do if I don't have a managed device?  

A: Request a managed computer or mobile device if you do not currently have access to one.  

Q: How do I check my email on a personal or public device? 

A: You will need to use Windows Virtual Desktop (WVD) to check email on an unmanaged laptop/desktop. 

Q: What is WVD and how can I use it to check my mail (if not on a managed device)? 

A: WVD, or Windows Virtual Desktop, is a Microsoft-based service that provides all Michigan Medicine faculty and staff that have a Michigan Medicine email address with remote access to a virtual Windows 11 desktop that can be safely used. You can access WVD on supported browsers. To get started, follow the instructions found on the Windows Virtual Desktop (WVD) - Getting Started KB Article.  

Q: Is there a preferred browser for checking email? 

A: Use Microsoft Edge as the preferred web browser for checking email. Other browsers may present you with additional prompts or require additional plug-ins to work and are not supported. 

Q: Can I enroll my personal laptop in Intune so that I can access email?  

A: No, Intune is only available for personal mobile devices. See the Michigan Medicine Help Center for instructions on how to enroll your personal mobile device in Intune.    

Q: If I have access to email on my personal mobile device today, do I need to do anything differently?  

A: No, if you have a mobile device enrolled in Intune today, nothing changes and you will continue to have access to the MM Outlook client for email after the changes is in place.   

Q: Will I be able to access Michigan Medicine email from my managed device provided by Sparrow or West?  

A: Yes, you will need to use Windows Virtual Desktop (WVD) to access Michigan Medicine email. 

Q: How will other M365 apps be impacted?

A: Other M365 apps will still be accessible from any device.

Q: What are email best practices I should be aware of?

A: Email is not intended for file storage, record keeping, or systems of work.

Limit the use of attachments in email. Link to a document in one of our strategic cloud solutions including M365 OneDrive, SharePoint, and Dropbox.

Learn how to spot phishing and scams. Don’t click on anything that looks ‘phishy’ and report it right away.