Our EVPMA and Medical School Dean, Dr. Marschall S. Runge, conveyed the importance of increasing the security of our Michigan Medicine networks. The Network Admission Control, or NAC, initiative has been a major program undertaken to ensure the security of our Michigan Medicine networks and understand our connected device environment. Effective February 1, 2018, Michigan Medicine achieved the goal of ensuring that 100 percent of all devices connecting to its internal network are identified and accounted for. As a result:
- Wireless MFleet is accessible to:
- Wireless UMHS-8021X is accessible to:
- Wired Michigan Medicine network is accessible to:
- CoreImage and CoreMac general compute devices
- Devices enrolled in AirWatch and registered by HITS
- MiWorkspace general compute devices in the following areas: School of Nursing, Business Engagement Center, College of Pharmacy, Office of Research, University Health Services, and the Office of Technology Transfer
- Other devices (research, medical, facilities, communications, guest, merchant, or 3rd party) that are inventoried, categorized, and registered by a recognized Michigan Medicine service provider
HITS teams successfully inventoried all devices that access either the wired or wireless network and ensured that they have the necessary security protocols in place to protect two-way communication.
Devices are categorized as follows:
- Institutionally owned devices - those provided by or paid for by Michigan Medicine. If you have purchased a computing device with your own funds, but are then reimbursed for the purchase by the university or a research department or project in some fashion, this device is considered an institutionally-owned device. Most institutionally-owned devices are configured as "Core" (CoreImage or CoreMac) devices - with the proper security protocols in place.
- Devices that have not yet been cored must at least be inventoried so that they will be able to connect to the network. Device Support teams will identify these devices as such and make note to review them at a later date for appropriate action.
- Some UM-owned devices cannot be cored. For example, some research devices are customized for a specific task, and coring is not a compatible option. In this case, it is essential for these devices to be identified and inventoried so that they will be able to connect to the secure network.
- Personally owned devices - those acquired by an individual and paid for by personal funds. For personally-owned devices to connect to the Michigan Medicine network, AirWatch must be installed on the device. AirWatch is the device management tool which provides encryption and the security policy needed.
- MWireless-UMHS: Employees who choose not to enroll in AirWatch may use MWireless-UMHS as an alternative for Internet access. Employees may use a VPN connection to access internal resources
- MGuest-UMHS: This network is reserved for visitors, patients, and their families, and should not be used by Michigan Medicine or HITS staff.
Please note that MWireless and MGuest do not provide access to internal health system resources.
- UMHS-8021X: This network requires devices to be registered/inventoried or enrolled in AirWatch in order to connect, regardless of location. Network admission controls for the wireless network have been enforced across all Michigan Medicine locations. This network is primarily for personally owned or non-Core devices enrolled in AirWatch.
- MFleet: This network is reserved primarily for institutionally owned and managed or "Core" devices.
All devices connecting to the wired network have been identified. For any new device to be onboarded, please reach out to your service provider.
- Institutionally owned devices are inventoried or configured as "Core" devices: CoreImage or CoreMac
Users may schedule to have a device inventoried by contacting the Service Desk or visiting a Help Me Now location.
- For information about enrolling personally owned devices in AirWatch to access internal resources, see this page: AirWatch.
Internal resources include:
- Internal websites and SharePoint sites
- Network shared files and folders
- Accounts and systems requiring Michigan Medicine (Level-2) credentials
Assistance of Questions?
Health Information Technology & Services (HITS) offers three convenient ways to get help:
Click – our online customer service portal (help.medicine.umich.edu)
Call – the HITS Service Desk 24/7 at 734-936-8000
Visit – one of our walk-in “Help Me Now” sites