Apple and Windows Device Security Recommendations: Difference between revisions

From howdoi
No edit summary
No edit summary
 
(46 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{abox
{{AboxNew
| name         = iOS Devices
| name = Apple and Windows Device Recommendations
| summary      =  
| learning =  
| for_employees = Yes
| instruction =  
| for_students  = Yes
| community = x
| for_parents  = Yes
| summ = Recommendations for Apple and Windows devices at Riverdale
| cat1          = RCS software and services
| maintained = DIS
| cat2          =
| year = 2024-2025
| maintained   = DIS
| year         = 2020-2021
}}
}}
__TOC__


=Apple Help and Documentation=
=Apple Devices=
Apple provides a wealth of support documentation and online manuals for devices on their website.  
 
=== General Resources ===
Apple has excellent documentation for their device line-up. If you are looking for general resources related to your device, we recommend you start here.  


*[http://www.apple.com/support/ipad/ iPad]
*[http://www.apple.com/support/ipad/ iPad]
Line 19: Line 20:
*[https://www.apple.com/watch/ Watch]
*[https://www.apple.com/watch/ Watch]


=Best Practices=
=== Best Practices ===
===Syncing your iOS device===
It is a good idea to sync your iOS device to a laptop or desktop. Both iOS device and laptop/desktop can be supplied by Riverdale.


To retain the integrity of your iOS applications, settings and personal data, it is essential to frequently backup, or sync, the device to your computer. Sync must either be done over the USB cable, or through Wi-Fi  syncing to a single computer. Within iTunes, you should choose to '''encrypt''' the backup file for your device as an additional security precaution. You will find the checkbox for this option on the Summary page for the device when it is connected. If you do not encrypt the iTunes backup, all saved passwords for email and other accounts cannot be restored.
==== Back-up iOS or iPadOS Device ====
It is a good idea to back up, or sync, your iOS/iPadOS device to a [https://support.apple.com/en-us/HT211229 macOS] or [https://support.apple.com/en-us/HT212156 Windows] laptop or desktop computer or to [https://support.apple.com/en-us/HT211228 iCloud]. Both the iOS device and laptop or desktop can be supplied and/or managed by Riverdale.


===Loss and Theft protection===
To retain the integrity of your iOS applications, settings and personal data, it is essential to frequently backup, or sync, the device to your computer. Sync must either be done over the USB cable, or through Wi-Fi  syncing to a single computer. You should choose to '''encrypt''' the backup file for your device as an additional security precaution. You will find the checkbox for this option on the Summary page for the device when it is connected. If you do not encrypt the iTunes backup, all saved passwords for email and other accounts cannot be restored.
 
==== Loss and Theft protection ====
To enable you to find a lost or stolen school-owned iPhone or iPad, you are required to enable the '''Find My iPhone (iPad) service''' using your iCloud account. When this service is enabled, you will be able to track your device, as well as remotely clear it of all data.
To enable you to find a lost or stolen school-owned iPhone or iPad, you are required to enable the '''Find My iPhone (iPad) service''' using your iCloud account. When this service is enabled, you will be able to track your device, as well as remotely clear it of all data.


Full instructions on how to enable and utilize the '''Find My iPhone (iPad) service''' will be found at [https://support.apple.com/explore/find-my-iphone-ipad-mac-watch Apple Support - Find My iPhone, iPad, Mac and iWatch.]
Full instructions on how to enable and utilize the '''Find My iPhone (iPad) service''' will be found at [https://support.apple.com/explore/find-my-iphone-ipad-mac-watch Apple Support - Find My iPhone, iPad, Mac and iWatch.]


===Passcode Security===
==== Passcode Security ====
The single-user design of iPads and iPhones enables the retention of passwords for Riverdale Google accounts, as well as any other connections such as WebDAV and Citrix. Many mobile applications retain downloaded confidential data in readable format. Because of the mobile nature of these devices, the opportunity for theft or loss is greatly increased. As a result, deliberate or accidental access to confidential information, as well as outright malicious intent towards the safety of your data can occur. It behooves any mobile RCS user to protect access to important School services by using a more secure passcode.  
The single-user design of iPads and iPhones enables the retention of passwords for Riverdale Google accounts, as well as any other logins to personal email, banking and ecommerce sites. Many mobile applications retain downloaded confidential data in readable format. Because of the mobile nature of these devices, the opportunity for theft or loss is greatly increased. As a result, deliberate or accidental access to confidential information, as well as outright malicious intent towards the safety of your data can occur. It behooves any mobile RCS user to protect access to important School services by using a more secure passcode.  


====Setting the Passcode====
====Setting the Passcode====
Please enable a more secure passcode than the default 4 digits. Common sense alone requires you to set a more stringent passcode if you use your iPad/iPhone to access Riverdale services.
Please enable a more secure passcode than the default 4 digits. Common sense alone requires you to set a more stringent passcode if you use your iPad/iPhone to access Riverdale services.
'''Note''': If you have been given an iPad/iPhone which is managed by Riverdale, there is a requirement restriction in place which forces you to use a more complex passcode. There is no way to bypass this requirement.


*Make sure your iOS device has been upgraded to the latest iOS version through iTunes or via wireless updating (available in iOS version 6 or greater.)
*Make sure your iOS device has been upgraded to the latest iOS version through iTunes or via wireless updating (available in iOS version 6 or greater.)
Line 41: Line 45:
**If a Passcode has ''not'' been enabled, please enable it now by selecting the '''Turn Passcode On''' button.
**If a Passcode has ''not'' been enabled, please enable it now by selecting the '''Turn Passcode On''' button.
*Set the '''Require Passcode''' to 15 minutes or less.
*Set the '''Require Passcode''' to 15 minutes or less.
*Set '''Simple Passcode''' to OFF
*Set '''Simple Passcode''' to OFF - this option may be disabled if Riverdale has placed a more complex passcode requirement.
**This setting will then ask for you to enter a more complex password which can contain upper & lower case letters, numbers, and punctuation marks. At the very least, create a passcode which follows the [http://knowledge.riverdale.edu/index.php?title=Change_My_Passwords#Password_Requirements requirements for your Riverdale Domain password.]
**This setting will then ask for you to enter a more complex password which can contain upper & lower case letters, numbers, and punctuation marks. At the very least, create a passcode which follows the [https://howdoi.riverdale.edu/wiki/Create_a_Strong_Passphrase requirements for your Riverdale Domain password.]
***Using your Riverdale Domain password is '''not recommended''' for this passcode. See this page on [http://secure.wikimedia.org/wikipedia/en/wiki/Shoulder_surfing_%28computer_security%29 Shoulder Surfing] for more information on this recommendation.
***Using your Riverdale Domain password is '''''not recommended''''' for this passcode. See this page on [http://secure.wikimedia.org/wikipedia/en/wiki/Shoulder_surfing_%28computer_security%29 Shoulder Surfing] for more information on this recommendation.
*Optionally, select the '''Erase Data''' setting to erase all data on the iOS device after 10 failed passcode attempts. If you use this setting, make sure to sync your iOS device with iTunes on a regular basis. After the '''Erase Data''' mechanism is invoked, the iOS device will be wiped clean and you will need to restore the settings & applications through iTunes.
*Optionally, select the '''Erase Data''' setting to erase all data on the iOS device after 10 failed passcode attempts. If you use this setting, make sure to backup and sync your iOS device on a regular basis. After the '''Erase Data''' mechanism is invoked, the iOS device will be wiped clean and you will need to restore the settings & applications from your laptop/desktop or through iCloud.
 
===Resetting & Erasing a macOS laptop or iOS device for return===
 
When you return a Riverdale-provided Mac Laptop or iPad/iPhone to the Technology Department, you must make sure that you follow the steps below to disable '''Find My iPad (iPhone)''' (see above) and to delete (iPad) or logout from (laptop) your iCloud account. You '''must''' reset your iPad to factory settings before you return it. If you have forgotten the passcode for your iPad and cannot reset it yourself, '''and''' [http://www.apple.com/icloud/find-my-iphone.html Find My Device] is still enabled, please inform the Technology Department.  On a returned laptop, it is suggested that you remove any personal documents in your user account. Laptops will be wiped clean (digitally and physically) for you by the Tech department and we won't login to inspect any files or data.


====Supervised iPad Procedures====
== Windows Devices ==


If you have an iPad which has been preconfigured with apps and settings, it is most likely supervised and needs to be returned to iPad specialists at the River and HIll campuses for un-supervision.
=== General Resources ===
We recommend running '''Windows 11''', which is the latest operating system from Microsoft: [https://www.microsoft.com/software-download/windows11 Download Windows 11]


====iPad Procedures====
=== Best Practices ===
If you are returning an iPad which you have self-managed, follow these instructions.


#'''Disable Touch ID or Face ID (if enabled) & Passcode''' - Go to Settings > Touch ID & Passcode. Disable all the Touch ID options and select the '''Turn Passcode Off''' option.
==== Logging In ====
#'''Find My iPad''' - Go to Settings > iCloud > Find My iPad and switch it off. Your AppleID and password is required.
'''Windows Hello''' is a secure way to get instant access to your Windows 11 devices using a '''PIN, facial recognition, or fingerprint'''. You'll need to set up a PIN as part of setting up fingerprint or facial recognition sign-in, but you can also sign in with just your PIN. These options help make it easier and safer to sign into your PC because your PIN is only associated with one device. Information about: [https://support.microsoft.com/en-us/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0 Windows Hello]
#'''Sign out of iCloud''' - In the same iCloud settings pane at the bottom, tap the '''Sign Out''' button. Your AppleID and password, as well as the device passcode, may be necessary.
#'''Erase all Content and Settings''' - reset the iPad to factory settings by going to Settings > General > Reset > Erase  All Content and Settings. You will need to type the device passcode.


Once the iPad has been wiped clean, it offers the setup screen. Power down by holding down the power button on the top-right edge of the iPad, and swipe the "slide to power off" button.
==== Protect Your Data ====
Windows has a [https://support.microsoft.com/en-us/windows/back-up-your-windows-pc-87a81f8a-78fa-456e-b521-ac0560e32338 backup feature] in the operating system, but we generally recommend storing your data on Riverdale's Google Drive. We back up your RCS GDrive for you!


====Laptop Procedures====
==== Antivirus ====
The Windows operating system comes with [https://en.wikipedia.org/wiki/Microsoft_Defender_Antivirus Windows Defender]. This is a functional and well regarded antivirus product, and it's free. On Riverdale managed laptops, we deploy Sophos antivirus, which is managed via Sophos Central.


*Go to System Prefs > iCloud.
==== Keep Your Device Up-to-Date ====
*Uncheck all options, including Find My Mac
It's best practice to keep Windows up-to-date via [https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a Windows Update] and to update drives from the manufacturer (Dell, HP, Lenovo, etc). Drivers from the manufacturer can be found on their respective Support page. They often provide a "device scanner" tool that takes inventory of your machine and only applies the updates/drivers that it's missing.
*Click the iCloud Sign Out button.

Latest revision as of 10:40, 8 August 2024

Howdoi Banner.png
People Graphic.png
Learning Instruction Community
Check Mark Graphic - Unchecked.png Check Mark Graphic - Unchecked.png Check Mark Graphic.png
SummaryRecommendations for Apple and Windows devices at Riverdale
AuthorMaintained by Derek Smith
HelpGet help with this article
StatusUp-to-date for the 2024-2025 school year.

Apple Devices

General Resources

Apple has excellent documentation for their device line-up. If you are looking for general resources related to your device, we recommend you start here.

Best Practices

Back-up iOS or iPadOS Device

It is a good idea to back up, or sync, your iOS/iPadOS device to a macOS or Windows laptop or desktop computer or to iCloud. Both the iOS device and laptop or desktop can be supplied and/or managed by Riverdale.

To retain the integrity of your iOS applications, settings and personal data, it is essential to frequently backup, or sync, the device to your computer. Sync must either be done over the USB cable, or through Wi-Fi syncing to a single computer. You should choose to encrypt the backup file for your device as an additional security precaution. You will find the checkbox for this option on the Summary page for the device when it is connected. If you do not encrypt the iTunes backup, all saved passwords for email and other accounts cannot be restored.

Loss and Theft protection

To enable you to find a lost or stolen school-owned iPhone or iPad, you are required to enable the Find My iPhone (iPad) service using your iCloud account. When this service is enabled, you will be able to track your device, as well as remotely clear it of all data.

Full instructions on how to enable and utilize the Find My iPhone (iPad) service will be found at Apple Support - Find My iPhone, iPad, Mac and iWatch.

Passcode Security

The single-user design of iPads and iPhones enables the retention of passwords for Riverdale Google accounts, as well as any other logins to personal email, banking and ecommerce sites. Many mobile applications retain downloaded confidential data in readable format. Because of the mobile nature of these devices, the opportunity for theft or loss is greatly increased. As a result, deliberate or accidental access to confidential information, as well as outright malicious intent towards the safety of your data can occur. It behooves any mobile RCS user to protect access to important School services by using a more secure passcode.

Setting the Passcode

Please enable a more secure passcode than the default 4 digits. Common sense alone requires you to set a more stringent passcode if you use your iPad/iPhone to access Riverdale services.

Note: If you have been given an iPad/iPhone which is managed by Riverdale, there is a requirement restriction in place which forces you to use a more complex passcode. There is no way to bypass this requirement.

  • Make sure your iOS device has been upgraded to the latest iOS version through iTunes or via wireless updating (available in iOS version 6 or greater.)
  • From the Settings app, go to the General setting and choose Passcode or Touch ID/Face ID & Passcode (on a Touch ID/Face ID equipped device.)
  • Enter your simple, 4-digit passcode, if enabled.
    • If a Passcode has not been enabled, please enable it now by selecting the Turn Passcode On button.
  • Set the Require Passcode to 15 minutes or less.
  • Set Simple Passcode to OFF - this option may be disabled if Riverdale has placed a more complex passcode requirement.
    • This setting will then ask for you to enter a more complex password which can contain upper & lower case letters, numbers, and punctuation marks. At the very least, create a passcode which follows the requirements for your Riverdale Domain password.
      • Using your Riverdale Domain password is not recommended for this passcode. See this page on Shoulder Surfing for more information on this recommendation.
  • Optionally, select the Erase Data setting to erase all data on the iOS device after 10 failed passcode attempts. If you use this setting, make sure to backup and sync your iOS device on a regular basis. After the Erase Data mechanism is invoked, the iOS device will be wiped clean and you will need to restore the settings & applications from your laptop/desktop or through iCloud.

Windows Devices

General Resources

We recommend running Windows 11, which is the latest operating system from Microsoft: Download Windows 11

Best Practices

Logging In

Windows Hello is a secure way to get instant access to your Windows 11 devices using a PIN, facial recognition, or fingerprint. You'll need to set up a PIN as part of setting up fingerprint or facial recognition sign-in, but you can also sign in with just your PIN. These options help make it easier and safer to sign into your PC because your PIN is only associated with one device. Information about: Windows Hello

Protect Your Data

Windows has a backup feature in the operating system, but we generally recommend storing your data on Riverdale's Google Drive. We back up your RCS GDrive for you!

Antivirus

The Windows operating system comes with Windows Defender. This is a functional and well regarded antivirus product, and it's free. On Riverdale managed laptops, we deploy Sophos antivirus, which is managed via Sophos Central.

Keep Your Device Up-to-Date

It's best practice to keep Windows up-to-date via Windows Update and to update drives from the manufacturer (Dell, HP, Lenovo, etc). Drivers from the manufacturer can be found on their respective Support page. They often provide a "device scanner" tool that takes inventory of your machine and only applies the updates/drivers that it's missing.