Mobile Device Application Management

LJMU are rolling out a Microsoft Application Protection Policy to protect its corporate data when any of the Microsoft Office 365 apps are accessed on a mobile device. This will include Outlook, Teams, OneDrive and any of the Office suite of applications.

The protection policy only applies to LJMU corporate Office 365 applications. No personal applications or data will be affected.

The Policy has been implemented to safeguard the University from the following:

  1. Data being copied out of a corporate JMU application and into a private application. e.g. the content of an email being copied and then paste into a Facebook status or WhatsApp chat.
  2. Corporate data being saved onto personal devices. All corporate data must remain in either OneDrive or SharePoint Online.
  3. Corporate University emails being accessed via personal and third-party email applications such as those found on Apple or Android devices. 
  4. To enforce Multi factor authentication when accessing our accounts from a mobile device.

What exactly does this mean?

To access any LJMU corporate Office 365 applications from a mobile device you will have to pass a Multi Factor Authentication prompt. We strongly recommend using the Microsoft Authenticator app (Instructions are below). If you’re already using Multi Factor Authentication to access other LJMU services you may already have done this. If not please click on this link to configure your MFA settings: https://aka.ms/mfasetup 

Any access to your LJMU email or calendar will have to be done via the Microsoft Outlook app or if you are accessing them via the Outlook webpage you will need to use the Microsoft Edge browser to access the webpage. Third party mail and calendar apps such as android and apple will be blocked from accessing your LJMU email and calendar 

When accessing any corporate Office 365 application via your mobile device you will now be required to enter a 6-digit pin number or use the devices biometrics such as fingerprint or facial recognition to access the applications. If the application is left inactive for 180 minutes you will be asked again to authenticate again in order to continue to use those applications.

Documents and files produced in your corporate LJMU Microsoft applications e.g., the ones requiring your LJMU credentials to login to can only be saved in your LJMU OneDrive account or an LJMU SharePoint Online site. Once saved you will not be able to copy any part of those files into other applications e.g., WhatsApp or another none LJMU instance of Office 365. 

Once an email is sent from your LJMU email account again you will not be able to copy any part of that email into a none corporate LJMU application.

NB This does not affect any none LJMU corporate apps on your mobile device. Personal emails, a none LJMU Office 365 application local file storage none of these are affected. This as been enabled only when using an Office 365 application logged in with your LJMU credentials.

Apple Setup

Installing Microsoft Authenticator on an Apple Device

When using Multi Factor authentication you may already have installed Microsoft Authenticator.  If this is the case, you can ignore these steps and go straight to Opening my Apps on an Apple Device.

  1. Open the Apple Store and search for Microsoft Authenticator.
  2. Click Get as you would when downloading any app form the app store to start the download.
  3. Once Downloaded click open 

Microsoft Authenticator screenshot from App Store

   








4.  As the app opens you will be asked to register your device.

Help us keep your device secure popup

   



















5. Once your device is registered you can open any existing LJMU Office 365 applications you have installed. You can download the following apps from the app store
  • Microsoft Outlook
  • Microsoft Teams
  • Microsoft Office
  • Microsoft OneDrive

NB we have guides available on our webpages on how to install these apps

Opening my Apps on an Apple Device

The first time you open an LJMU Office 365 app after having successfully registered Microsoft Authenticator you will be presented with the following message:

organisation protecting warning message






Click OK and then restart the app.

Next, you’ll be prompted to setup a 6 digit PIN:

Enter 6 digit PIN screenshot










The PIN is used when accessing any of the LJMU Office 365 apps. If you’ve enabled biometric login on your device such as finger or facial recognition then Office 365 apps will accept that instead of the PIN number. You will still be required to configure a PIN number as a backup. PIN numbers can not be sequential i.e. 123456 or 456789.

You will also be asked to login with your PIN or biometrics if the app you are using has been inactive for 180 minutes.

When entering your PIN number, you will have 5 attempts to enter it correctly before you will be asked to reauthenticate with your username and password and to reset your PIN.

Android Setup

Installing Company Portal on an Android Device

On Android devices you will need to install the Microsoft Company Portal which is available in the Google Play store. Simply search Microsoft Company Portal in the Google Play store and download it as you would any app. If you install any Office 365 apps and try to access them without the Company Portal being installed, you will be redirected automatically to install the Portal. 

If you remove the Company Portal, you will lose access to your LJMU Office365 apps until it is reinstalled.  

To access the Company Portal, click on the Company Portal app and you will be asked to login (please use your username@ljmu.ac.uk). The apps in the company portal are just links to the Google play store.

You can download the following Office 365 apps from the Google Play store or via the Company Portal.

  • Microsoft Outlook
  • Microsoft Teams
  • Microsoft Office
  • Microsoft OneDrive
To access the Company Portal, click on the Company Portal app and you will be asked to login (please use your username@ljmu.ac.uk). The apps in the company portal are just links to the Google play store.

NB we have guides available on our webpages on how to install these apps

If you try to access your LJMU Office 365 applications without downloading the Company Portal, you’ll receive the following message:

InTune warning message for Outlook account










Either remove the account and log into your personal none LJMU Office 365 account if you have one or download the portal as above.

Opening my Apps on an Android Device

The first time you open an LJMU Office 365 app after having successfully registered Company Portal you will be presented with the following message.

Company Portal progress screen











Click Continue

Next, you’ll be asked to configure a 6-digit PIN number. Please note that the PIN number cannot be sequential i.e., 123456 or 345678

Set PIN screen












Should you ever need to reset your PIN number the best way is to delete Company Portal and re add it going through the set up once again.

If you have configured your device to accept a fingerprint for authentication, the 365 app will accept this, or you can say cancel and enter your PIN. Fingerprint authentication will only work on devices with android 6.0 or greater. After 180 minutes of inactivity, you will be required to re authenticate. 

If you are using multiple 365 apps, for example Outlook and Teams, you only have to authenticate once until you are seen as inactive.

Frequently Asked Questions

Can the University lock my phone or wipe my device?

No, we cannot remotely lock your phone, we do not manage the device. We can only wipe the data held within the LJMU office 365 apps. We cannot wipe your device.

I’ve tried to install the Office 365 apps but it’s not letting me install them?

You need to ensure your device is running either the latest operating system version of ios or android or one version below. If your device is not able to run these versions then your device is deemed too old and insecure.  You will not be able to access your Office 365 services on an old device. It is a security risk to not be running the latest operating systems.

Can I avoid having my device being managed by Mobile Application Management (MAM)?

If you want to access university data on your device then you cannot avoid MAM. If you try and access email via the web and not through the outlook app on your device then you will need to install the Microsoft Edge browser which is MAM managed.

Can I install the authenticator app and not be MAM registered?

Yes you can, you only need to be registered for MAM if you need to access the Office 365 apps on your device including Outlook and Teams.

When my device is registered for MAM, what can the University see on my device?

Your organization can't see:
  • Calling and web browsing history
  • Email and text messages
  • Contacts
  • Calendar
  • Passwords
  • Pictures, including what's in the photos app or camera roll
  • Files

On corporate-owned Android devices with a work profile LJMU can also see:
  • Apps and data in your personal profile
  • Phone number
Your organization can always see:
  • Device owner
  • Device name
  • Device serial number
  • Device model, such as Google Pixel
  • Device manufacturer, such as Microsoft
  • Operating system and version, such as iOS 12.0.1
  • Device IMEI
  • App inventory and app names, such as Microsoft Word

On personal devices, your organization can only see your managed app inventory, which includes work and school apps.

On corporate-owned devices, your organization can see all apps installed on the device.

On corporate-owned devices with a work profile, which is limited to Android devices, your organization can only see the apps installed in your work profile.