SMU Intune Privacy Statement for Managed Devices

1) Purpose & Scope
This statement explains what information Southern Methodist University (SMU) collects from SMU-owned devices enrolled in Microsoft Intune (Microsoft Endpoint Manager), how that information is used, and what actions the Office of Information Technology (OIT) may take to protect University data and systems. This statement applies only to SMU-owned devices enrolled in Intune device management.

2) Information Collected by Intune
Intune collects configuration and security data necessary to manage devices and protect University information. Typical categories include:

  • Device identifiers (name, serial/asset tag, platform/OS, IMEI/UDID)
  • Hardware/OS posture (model, OS version/build, patch level, encryption status, jailbreak/root detection)
  • Compliance & configuration (required settings, certificate/profile status)
  • App inventory (list of installed apps, scope varies by platform)
  • Security telemetry (antivirus status, threat detections, device risk signals, management health)
  • Network metadata (current/last IP, SSID name, check-in times; not content inspection)
  • Location (not continuously tracked; possible only if device is in Lost Mode)

Notes:

  • Intune does not capture the contents of personal email, photos, SMS/MMS, phone logs, or documents outside managed apps.
  • App Protection (MAM) management is restricted to work data inside managed apps; OIT cannot view or wipe personal data/apps.

3) What Intune Does Not Collect
Unless explicitly stated by platform and policy, Intune/OIT does not:

  • Read the contents of personal email, messages, photos, files, call audio, or camera/microphone feeds.
  • Record keystrokes or screen activity.
  • Collect personal browsing history, personal location history, or personal contacts outside managed apps and profiles.

4) How SMU Uses This Information
Collected information is used to:

  • Enforce security requirements (encryption, screen lock, OS updates, malware protection)
  • Verify compliance for access to University resources (Conditional Access)
  • Inventory SMU-owned equipment and software licenses
  • Troubleshoot device issues and support end-users
  • Detect, investigate, and respond to security incidents
  • Fulfill legal, regulatory, and policy obligations (e.g., safeguarding student records and research data)

Access to device data is restricted to authorized OIT personnel with a legitimate business need and is governed by SMU policy and confidentiality requirements.

5) Management Actions OIT May Take
Depending on ownership and policy, OIT may:

  • Require device passcode/PIN, encryption, and OS/patch compliance
  • Deploy or remove SMU applications and configuration profiles
  • Initiate anti-malware scans and remediate detected threats
  • Perform corporate or full wipe of SMU-owned devices when lost, stolen, repurposed, or at separation
  • Lock or disable access to University resources if a device is non-compliant or poses risk
  • Take emergency actions without prior notice to protect University systems and data

6) Data Retention & Sharing
Device management and security logs are retained only as long as necessary to operate services, investigate issues, meet legal requirements, and comply with SMU policy. Data may be shared with internal stakeholders (e.g., Information Security, Compliance, HR) or external parties (e.g., law enforcement, incident response vendors) when required by policy or law and following appropriate approvals.

7) Policy References

  • SMU Acceptable Use Policy
  • SMU Information Security Policy / Standards
  • SMU Privacy Notice

8) Contact
SMU Office of Information Technology (OIT) Help Desk
Email: help@smu.edu
Phone: 214-768-4357
Website: https://www.smu.edu/oit/help

9) Acknowledgement
Use of SMU-owned devices that access University resources indicates understanding of, and agreement to comply with, this privacy statement and the applicable SMU policies referenced above.