- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Using automation to drive efficiency and innovation at SFU
- Welcome to the new SFU Mail: now faster, secure, intuitive
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting SFU's Digital Transformation with Exchange Online
- Important changes to SFU email practices
- Transforming the SFU experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins SFU Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at SFU
- Expanded identity options for students within SFU applications
- SFU works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- About
- Information security
Managed Windows
Supported Windows Operation systems (OS)
Windows 10 Enterprise, 64-bit
Windows 11 Enterprise, 64-bit
TECHNICAL DETAILS
For IT administrators
View our Managed Windows wiki on Confluence for more technical details.
This is only accessible to IT administrators.
FAQ
Pre-Installation FAQ
How long will it take to enroll my computer in MEM?
Generally, when IT staff enrol your device, Windows will restart 2 (or in rare cases 3) times over about a 15 minute period. Installation of the Endpoint Manager client and services will continue in the background and you should be able to leave campus in less than 2 hours. This may take longer if large software packages are pending.
Will my work be impacted?
Installation will require a couple of reboots on your computer when the client is first installing. After that the installation will continue to run in the background without niceable impact to the user.
If I have a laptop do I need to bring it on campus?
Yes. At this time, it is required to bring it to campus to do the initial install Endpoint Manager. Once this is accomplished, it will function off-campus.
Privacy Concerns - What information does Endpoint Manager collect?
The IT Services implementation of Endpoint Manager has been customized to collect only the data needed to support computers running a Microsoft Windows operating system. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, encryption, etc)
- Connected Peripheral Devices
No personal information is collected, such as the contents or names of personal files (documents, email, etc) or any browsing history. All data is stored on-premises as of July 2020.
(If you have roaming profiles for backup on your desktop or backup on your laptop, these files are stored on SFU's servers separately from Endpoint Manager)
Post-Installation FAQ
Is my computer enrolled in Endpoint Manager?
To find out if your computer is enrolled, look for the Endpoint Manager object found in the Windows Control Panel. Additionally, you may look for “Software Center” in your Windows Start menu.
What is Software Center?
The Software Center application is similar to a mobile device app store (similar to Managed Software Center on University Macs), but it provides customized content for university Windows systems. This content includes access to University approved software, maintenance task scheduling, support options, and other documentation.
Can I connect to Software Center when I am off-campus?
Beginning October 26, 2020, MEM clients are able to take configuration and software updates from off-campus.
Devices that have not been on campus since this date must connect to the campus network one last time in order to pick up this new policy change. The SFU VPN service is adequate for performing this from off-campus. See your local IT support staff for more information.
How do I update software?
UPDATING SOFTWARE
The Software Center gives you the flexibility of choosing which applications to update and when to update them.
Additonally, the Options tab allows clients to choose "Business Hours" when updates should not run in order to minimize interruptions.
The software install deadline is clearly shown. After this date, clients are given a couple days to defer, but after this point all updates are forced to install.
How can I choose when updates run?
Setting updatea auto-install options
Open Software Center and click the "Options" tab on the left. Here you may specify "Business Hours" which is effectively the times that MEM may not install software and updates. Please choose a reasonable time frame.
All software deployments have a deadline of 14 days from notifiaction. Failing to allow Windows to apply updates within this two week period will result in a forced install that may interrupt your work day!
Technical Questions
How does Endpoint Manager work?
The Endpoint Manager infrastructure consists of several high-performance, redundant servers which provide a database of computer information and data storage for programs, applications, and operating system images for deployment to end-user computers. Endpoint Manager uses a small software utility known as an "agent" to communicate with the servers. This agent inventories hardware specifications, software installation information and provides for the automated installation of software updates and security patches. Included with the agent is another application called "Software Center", which will be described below.
All client/server communication is encrypted by a certificate pair configured when the agent is installed.
What changes does the installation of Endpoint Manager make to a PC?
Endpoint Manager installs the agent to your PC. The agent runs in the background and will not interfere with the operation of your computer. Additionally, Endpoint Manager installs the Software Center application and the Endpoint Manager control panel object.
Will I still have Administrative access to my PC?
Device management doesn't preclude ownership nor administration of the PC.
Managed Windows at SFU adopts best practices for security, patching and configuration options as specified by your IT unit.
There will be no automatic changes to the privileges of your user account by enrolling in Endpoint Manager. Your local IT support will contact you if changes are to be made.
What policies are enforced?
Firewall, security, and Applocker policies are default on all managed Windows systems at SFU. Additional distribution of policies is the responsibility of individual local IT manager. If you have any questions about what policies are enforced, please contact your local IT support.
IT Services does provide and maintain a large catalog of software, maintenance tasks, and other links in Software Center. The Software Center catalog may also be supplemented by your local IT support, with support for self-service items (for example, Adobe Acrobat Pro to users with SFU Adobe Enterprise IDs).
Support for IT staff on Managed Windows
This is for IT administrators only.
- Ask questions about managed Windows
- Request access to the official documentation on Confluence
- Request training and onboarding