Mobile Device Management FAQs


What is Ivanti Mobile at Work?

Ivanti Mobile at Work is software used at the Medical Center to secure and manage business apps, documents, and other business content on smartphones and tablets. It allows CUIMC-IT to set security and management rules on these mobile devices. The Ivanti app provides the IT department with information about the device and its security state. It also allows users to access Epic from their smartphone or tablet.  For an overview, please see Information Security's Mobile Device Management page.

Do I need to install Ivanti on my phone or tablet again if I am already enrolled with NYP MDM?

No, you do not need to install it again if you have previously had your phone or tablet configured by NYP or Cornell Med.

What phones and tablets are supported to work with Ivanti Mobile at Work?

Ivanti is targeted at phones and tablets running Apple iOS or Google Android operating system software:

What is needed to set up and use Ivanti Mobile at Work?

  1. A mobile device running one of the supported operating system versions listed above
  2. An Apple ID or Google Play account (to download the MobileIron app)
  3. Internet access on the device (WiFi or mobile data connection)
  4. A CWID (NYP Center Wide ID) account and password

To install Ivanti Mobile at Work see instructions for iPhone/iPad and Android devices.

How do I get a CWID account?

To obtain a CWID please contact your department administrator or supervisor. CUIMC-IT is not able to create or request CWIDs.  If you are not sure whether you have one already or need help with your CWID please see NYP's oneID Password Management page.

If my phone or tablet is remotely wiped, will my personal information also be deleted?

No. Only the container on your phone that holds business apps, such as Epic, will be wiped from the device. However, IT can wipe the entire device at your request.

What information does MobileIron collect about me and my device?

IT can only see data such as carrier, country, device make and model, OS version, phone number, list of installed apps, name, and corporate email (SMS messages can't be read; see the next FAQ for more information). It also verifies that the device uses a passcode and encryption as required by University Policy. The Ivanti app permissions are as follows:

Apps: Ivanti Mobile at Work can only see apps that it manages (those that CUIMC makes available), and can only delete its own managed applications.
Calls and text messages: Ivanti Mobile at Work cannot access text messages or calls.
Messaging apps: Ivanti Mobile at Work can only see apps that it manages. Your personal messaging apps cannot be accessed.
Location: Ivanti Mobile at Work does not track the location of your device.
Device information: Ivanti Mobile at Work collects the phone number, IMEI, SIM, model, manufacturer, device name, mobile carrier, storage capacity, and IP address.
Device status: Last check-in, jailbroken/rooted device, OS version, PIN/passcode present, device encryption, battery level.
Pictures, videos, multimedia: Ivanti Mobile at Work cannot see your pictures or videos.
Corporate wipe: Ivanti Mobile at Work can only retire your device, which will remove enrollment, corporate data, and any managed applications. Once the corporate wipe is performed, the device is no longer managed under Ivanti Mobile at Work.
Full device wipe: This is only done via a ticket to the Information Security Office (ISO). ISO has to document the request and log in to a separate account with elevated privileges to perform a full device wipe. NOTE: This cannot be done if a corporate wipe was processed.

Please see Mobile Device Management (MDM) Privacy Information for more details.

Can IT spy on my phone or tablet once Ivanti Mobile at Work is installed?

CUIMC-IT does not want to spy on you, nor does Ivanti Mobile at Work allow IT to see data such as personal email, voicemails, photos, videos, and web activity. Even within the bounds of technology, University policy strictly limits what CUIMC-IT can do. For more information, see the Acceptable Use of Information Resources Policy and the Information Security Charter.

What changes will I see on my device once Ivanti Mobile at Work is installed?

When Ivanti is installed on the phone or tablet, a list of "profiles" with configuration settings will appear under Settings > General > Device Management. The "Password Policy" profile appears under the "Restrictions" area, which enforces a passcode to unlock the phone or tablet. This enables encryption where the passcode is the "key." You are also permitted to use your fingerprint (if supported by your device) to make it easier to unlock the device.

I’m really uncomfortable with MDM on my personal phone or tablet; what should I do?

You are not required to access Epic on your personal device or install MDM on it, but you need to have a mobile device that can do so. You can use a separate device for University work if you prefer.

I definitely want a separate phone or tablet; who pays for it?

As with any other IT purchases, funding for mobile devices is worked out with your department. Please speak to your supervisor, Department Administrator, or Chair.

Why do we need Ivanti Mobile at Work?

CUIMC uses Ivanti to protect information from being stolen or lost. Data theft can happen in many ways, but some of the more likely examples include:

  1. Use of a jailbroken or rooted device
  2. Running an old version of the operating system that has known security vulnerabilities
  3. Installation of a malicious app that can steal information from other apps on the device
  4. Connecting to CUIMC resources from an unsecured network, such as using WiFi in a cafe

What should I do if I suspect someone is using Ivanti Mobile at Work in a way that violates these policies? I can’t talk to Security!

You can talk to your Chair, the CIO, the CMIO, the COO, the Dean, or the Office of General Counsel, depending on your comfort level.

Does Ivanti Mobile at Work require a passcode on my phone or tablet?

Yes, it requires a passcode of 6 or more characters, including both letters and numbers. Ivanti will enforce this passcode during enrollment/MobileIron setup. Note that University Policy already requires a passcode/screen lock.

What other security measures does Ivanti Mobile at Work provide?

Aside from enforcing a passcode, Ivanti allows a full or partial remote data wipe or passcode reset in the event of loss or theft. MobileIron encrypts your data so your phone or tablet is in compliance with Columbia’s mandatory endpoint security policy.  Please review the full text of the policy for more details on security requirements for mobile devices.

Do I need to back up my phone or tablet before enrolling in Ivanti Mobile at Work?

Yes, we strongly recommend running a backup before installing and enrolling in Ivanti Mobile at Work.

What should I do if I replace my smartphone or tablet that has Ivanti Mobile at Work installed?

You can follow the instructions to install Ivanti on the new device. Contact your Certified IT Group for assistance. See full steps to install Ivanti Mobile at Work on an iPhone/iPad or Android device.

Will Ivanti Mobile at Work interact with other apps or cause my device to crash?

No, Ivanti will not interact with any other applications on your device or otherwise affect its performance.

Is there a cost to enroll in Ivanti Mobile at Work?

No, the app and enrolling are free.

Corporate Devices vs. BYOD (Bring Your Own Device)

Do I need a corporate-owned phone or tablet for Epic usage?

No, corporate devices are for those individuals who do not want to use their personal devices for Epic. However, Ivanti is required in order to access Epic from a corporate or personally owned device.

What restrictions are in place for corporate-owned devices with Ivanti Mobile at Work installed?

On corporate-owned devices, Ivanti restricts access to Bluetooth, App Store, iCloud usage, and additional features that are known or perceived as risk factors on corporate devices. CUIMC carries the full responsibility of protecting Epic data on corporate-owned devices. For more information, see our Mobile Device Management (MDM) Privacy Information page and the University's Registration And Protection of Endpoints Policy.