Mobile Device Management FAQs

What is MobileIron?

MobileIron is software used at the Medical Center to secure and manage business apps, documents, and other business content on smartphones and tablets. It allows IT to use MobileIron to set security and management rules on these mobile devices. The MobileIron app provides the IT department with information about the device and its security state. It also allows users to access Epic from their smartphone or tablet.  For an overview please see Information Security's Mobile Device Management page.

Do I need to install MobileIron on my phone or tablet again if I am already enrolled with NYP MDM?

No, you do not need to install it again if you have previously had your phone or tablet configured by NYP or Cornell Med.

What phones and tablets are supported to work with MobileIron?

MobileIron is targeted at phones and tablets running Apple iOS or Google Android operating system software:

What is needed to set up and use MobileIron?

  1. A mobile device running one of the supported operating system versions listed above
  2. An Apple ID or Google Play account (to download the MobileIron app)
  3. Internet access on the device (WiFi or mobile data connection)
  4. A CWID (NYP Center Wide ID) account and password

To install MobileIron see instructions for iPhone/iPad and Android devices.

How do I get a CWID account?

To obtain a CWID please contact your department administrator or supervisor, CUIMC IT is not able to create or request them.  If you are not sure whether you have one already or need help with your CWID please see NYP's oneID Password Management page.

If my phone or tablet is remotely wiped, will my personal information stored on it also be deleted?

No. Only the container holding business apps, such as Epic, will be wiped from the device. However, if requested, IT can wipe the entire device.

What information does MobileIron collect about me and my device?

IT can only see data such as carrier, country, device make and model, OS version, phone number, list of installed apps, name, phone number, and corporate email (messages can't be read, see the next FAQ for more information). It also verifies that the device complies with using a passcode and encryption as required by University Policy.  MobileIron permissions are:

Apps MobileIron can only see apps that it manages (those that CUIMC makes available), and can only delete its own managed applications.
Calls and text messages MobileIron cannot listen to or read these.
Messaging apps MobileIron can only see apps that it manages.
Location MobileIron does not track location of your device.
Device information MobileIron collects the phone number, IMEI, SIM, model, manufacture, device name, mobile carrier, storage capacity, and IP address.
Device status Last check in, jail-broken/rooted device, OS version, PIN/Passcode present, device encryption, battery level.
Pictures, videos, multimedia MobileIron cannot see your pictures or videos. The system can only see device storage capacity.
Corporate wipe MobileIron can only retire your device, which will remove enrollment, corporate data, and any managed applications. Once the corporate wipe is performed the device is no longer managed under MobileIron.
Full device wipe This is only done via submitting a ticket to the Information Security Office (ISO). ISO has to document the request and login to a separate account with elevated privileges to perform a full device wipe. NOTE: This cannot be done if a corporate wipe was processed.

Please see Mobile Device Management (MDM) Privacy Information for more details.

Can IT spy on my phone or tablet once MobileIron is installed?

IT does not want to spy on you nor does MobileIron allow IT to see data such as personal email, voicemails, photos, videos, and web activity. Even within the bounds of technology, University policy strictly limits what IT can do. For more information see the Acceptable Use of Information Resources Policy and the Information Security Charter.

What changes will I see on my device once MobileIron is installed?

When MobileIron is installed on the phone or tablet, a list of "profiles" with configuration settings will appear under Settings > General > Device Management. The "Password Policy" profile appears under the "Restrictions" area, which enforces a passcode to unlock the phone or tablet. This enables encryption where the passcode is the "key." You are also permitted to use your fingerprint (if supported by your device) to make it easier to unlock the device.

I’m really not comfortable with MDM on my personal phone or tablet, what should I do?

You are not required to access Epic on your personal device or install MDM on it, but are only required to have a mobile device which can do so. You can provision a separate device for University work if you prefer.

I definitely want a separate phone or tablet, who pays for it?

As with any other IT purchases, funding for mobile devices is worked out with your department. Please speak to your supervisor, Department Administrator, or Chair.

Why do we need MobileIron?

CUIMC will use MobileIron to protect information from being stolen or lost. Data theft can happen in many ways but some of the more likely examples include (i) use of a jailbroken or rooted device, (ii) running an old version of the operating system that has known security vulnerabilities, (iii) installation of a malicious app that can steal information from other apps on the device, or (iv) connecting to CUIMC resources from an unsecured network, such as using WiFi in a cafe.

What should I do if I suspect someone is using MobileIron in a way that violates these policies? I can’t talk to Security!

You can talk to your Chair, the CIO, the CMIO, the COO, the Dean, or the Office of General Counsel, depending on your comfort level.

Does MobileIron require a passcode on my phone or tablet?

Yes, it requires a passcode of 6 or more characters, including both letters and numbers, and will enforce this during enrollment/MobileIron set up.  Note that University Policy already requires a passcode/screen lock.

What other security does MobileIron provide?

Aside from enforcing a passcode, it allows a full or partial remote data wipe or passcode reset in the event of loss or theft. MobileIron encrypts your data so your phone or tablet is in compliance with Columbia’s mandatory endpoint security policy.  Please review the full text of the policy for more details on security requirements for mobile devices.

Do I need to backup my phone or tablet before enrolling in MobileIron?

Yes, we strongly recommend running a backup before installing and enrolling in MobileIron.

What should I do if I replace my smartphone or tablet that has MoblieIron installed?

You can follow instructions to install MobileIron on the new device, and if needed contact your Certified IT Group for assistance. See full steps to install it on an iPhone/iPad or Android device.

Will MobileIron interact with other apps or cause my device to crash?

No, MobileIron will not interact with any other applications on your device or otherwise affect its performance.

Is there a cost to enroll in MobileIron?

No, the app and enrolling are free.

Corporate Devices VS BYOD (Bring Your Own Device)

Do I need a corporate owned phone or tablet for Epic usage?

No, corporate devices are for those individuals who do not want to use their personal device for Epic. However, MobileIron is required in order to access Epic from a corporate or personally owned device.

What restrictions are in place for corporate owned devices with MobileIron installed?

CUIMC MobileIron restricts access to device features such as Bluetooth, App store access, iCloud usage, and as well additional features that create a known or perceived risk on corporate devices. CUIMC carries the full responsibility of protecting Epic data on corporate owned devices. For more information see our Mobile Device Management (MDM) Privacy Information page and the University's Registration And Protection of Endpoints Policy.