Check the Inventory Management Wired Deployment Schedule to find out when changes to the wired network will take place for your area.
Our EVPMA and Medical School Dean, Dr. Marschall S. Runge, has conveyed the importance of increasing the security of our Michigan Medicine networks. The Network Admission Control, or NAC, initiative is one way we can better secure the wired and wireless networks by understanding our connected device environment and setting minimum requirements to connect to the Michigan Medicine networks.
- Wireless MFleet is accessible to:
- Wireless UMHS-8021X is accessible to:
- Wired Michigan Medicine network is accessible to:
- CoreImage and CoreMac general compute devices
- Devices enrolled in AirWatch and registered by HITS
- MiWorkspace general compute devices
- Other devices (research, medical, facilities, communications, guest, merchant, or 3rd party) that are inventoried, categorized, and registered by a recognized Michigan Medicine service provider
Overview of Change
For more information, see the What is NAC and why are we implementing it? document.
HITS teams are in the process of inventorying all devices that access either network and ensuring that all devices have the necessary security protocols in place.
Employees who choose not to enroll in AirWatch may use MWireless-UMHS as an alternative for Internet access. Employees may use a VPN connection to access internal resources.
Visitors, patients, and families should use the MGuest-UMHS network for a WiFi Internet connection. Please note that MWireless and MGuest do not provide access to internal health system resources.
Devices are categorized as follows:
- Institutionally-owned devices - those provided by or paid for by Michigan Medicine. If you have purchased a computing device with your own funds, but are then reimbursed for the purchase by the university or a research department or project in some fashion, this device is considered an institutionally-owned device. Most institutionally-owned devices are configured as "Core" (CoreImage or CoreMac) devices - with the proper security protocols in place.
- Devices that have not yet been cored must at least be inventoried so that they will be able to connect to the network. Device Support teams will identify these devices as such and make note to review them at a later date for appropriate action.
- Some UM-owned devices cannot be cored. For example, some research devices are customized for a specific task, and coring is not a compatible option. In this case, it is essential for these devices to be identified and inventoried so that they will be able to connect to the secure network.
- Personally-owned devices - those acquired by an individual and paid for by personal funds. For personally-owned devices to connect to the Michigan Medicine network, AirWatch must be installed on the device. AirWatch is the device management tool which provides encryption and the security policy needed.
- The UMHS-8021X wireless network requires devices to be registered/inventoried or enrolled in AirWatch in order to connect, regardless of location. Network admission controls for the wireless network have been enforced across all Michigan Medicine locations. This network is primarily for personally-owned or non-Core devices enrolled in AirWatch.
- The MFleet wireless netowrk is reserved primarily for institutionally-owned and managed or "Core" devices.
- Controls for the wired network, aka any port in the wall that currently allows devices to connect to the internet/intranet by Ethernet cable, are being enabled in stages based on physical location. The wired switchover will occur floor-by-floor, building-by-building, through the end of the year.
Check the Wired Deployment Schedule to see when your area is scheduled. (Please be aware that dates may change to have less disruption to customers and patients).
You will receive communication specific to your location as network controls are put in place. However, all Michigan Medicine staff may take the following steps now:
- Ensure that institutionally-owned devices are currently inventoried or configured as "Core" (CoreImage or CoreMac) devices.
Users may schedule to have a device inventoried by contacting the Service Desk or visiting a Help Me Now location.
- Enroll personally-owned devices requiring access to internal resources in AirWatch. Internal resources include:
- Internal websites and SharePoint sites
- Network shared files and folders
- Accounts and systems requiring Level-2 credentials
Assistance of Questions?
Health Information Technology & Services (HITS) offers three convenient ways to get help:
Click – our online customer service portal (help.medicine.umich.edu)
Call – the HITS Service Desk 24/7 at 734-936-8000
Visit – one of our walk-in “Help Me Now” sites