Re: ATP vs. just Defender in lab/clinic environments

[Catherine Ullman <cende () BUFFALO EDU>]

Just to make sure our request doesn't get derailed -- 

 

I think it's great if folks want to have a conversation about the licensing
features, but the goal of this message was really not about understanding
the differences in licensing per se.  It was ultimately to determine whether
it makes sense, specifically in a couple of use cases, to pay the extra fee
for machine licenses so that shared machines can run ATP.  I apologize if
that was not clear from my original request.

 

We have an A5 license for most of our faculty/staff, but not students.
Furthermore, that does not cover shared machines.  Shared machines are
licensed for an extra cost above and beyond our licensing, since we don't
cover students.  For student personal machines, they're expected to use the
built-in Defender installation.  What we want to know is what entities are
doing for the shared machine use cases below - are you just running the
Defender that is built in or are you paying for the licensing for full ATP
in some capacity (whether it's because you license everyone or you pay the
additional fee)?

 

Campus Public Labs:

These are VDI machines that are used by students.  The machines are
provisioned on demand and destroyed upon logout.

 

Department Labs:

These are bare metal machines shared by students located in a shared space
within a specific school.

 

Campus Clinics:

These are VDI/Citrix desktops that are used by students, like labs they are
provisioned on demand and destroyed upon logout, but process more sensitive
information than the labs.

 

Thanks!

 

Best,

Cathy

 

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Blake Brown
Sent: Thursday, January 14, 2021 1:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ATP vs. just Defender in lab/clinic environments

 

A5/E5 general conversation would be most helpful. We are A3 and looking at
the A5 Security Add On.

 

Thanks,

Blake

 

 

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > on
behalf of John Ramsey <000001cd0b5a1098-dmarc-request () LISTSERV EDUCAUSE EDU
<mailto:000001cd0b5a1098-dmarc-request () LISTSERV EDUCAUSE EDU> >
Reply-To: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> >
Date: Thursday, January 14, 2021 at 10:53 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
" <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> >
Subject: Re: [SECURITY] ATP vs. just Defender in lab/clinic environments

 

External Email

We are using E5 extensively and pretty much leveraging everything.  Am happy
to have a conversation on this.  Also, if there are a few interested in
A5/E5, maybe a broader conversation is warranted as well.

 

John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT

2300 Dulles Station Blvd., Suite 220
Herndon, VA 20171
703.742.4428 |
<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.studen
tclearinghouse.org%2F&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56cac4704c8f2
26408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637462472987730
932%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h
aWwiLCJXVCI6Mn0%3D%7C1000&sdata=t2vB2U%2BNypUgEvzr%2FqLgqdERPDGXOjOoFbMHXzW5
sJc%3D&reserved=0> studentclearinghouse.org
 
<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linked
in.com%2Fcompany%2Fnational-student-clearinghouse&data=04%7C01%7Ccende%40buf
falo.edu%7Ca0ff56cac4704c8f226408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a202
50%7C0%7C0%7C637462472987730932%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DrP4k4ZlBcBw%2Fk
EwAPjTVNFtq%2BQ6gy3RwHjNGiStPik%3D&reserved=0> LinkedIn |
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.c
om%2Fnsclearinghouse&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56cac4704c8f22
6408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6374624729877408
86%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha
WwiLCJXVCI6Mn0%3D%7C1000&sdata=ppFW6sTlhCuDJvFc6woulaRR1Jd64ab1L2aE3wJBBq0%3
D&reserved=0> Twitter |
<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebo
ok.com%2FNSClearinghouse&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56cac4704c
8f226408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637462472987
740886%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6I
k1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ViMwY9%2BorbFmfW3Ae8n6hSBSNz62jma2Fm%2BR8
jfiogc%3D&reserved=0> Facebook |
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.stude
ntclearinghouse.org%2Fnscblog%2F&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56
cac4704c8f226408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6374
62472987750844%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=d%2BBYOjKXecQ87ptlHit6eqxZF808KLp
KphzMZB3ExAk%3D&reserved=0> Blog |
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.insta
gram.com%2FNSClearinghouse%2F&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56cac
4704c8f226408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6374624
72987750844%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FLqFXpZzdh%2BkhLpqDzU%2FsE9wydn9RH
opGD5rMWIVOus%3D&reserved=0> Instagram 

Serving Education Since 1993

 

This message is proprietary to the National Student Clearinghouse, is
intended only for the addressee and may contain confidential or privileged
information. If you receive this message in error, please contact the sender
and delete all copies.

 

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > On
Behalf Of Catherine Ullman
Sent: Thursday, January 14, 2021 12:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> 
Subject: [SECURITY] ATP vs. just Defender in lab/clinic environments

 

Hi Folks!

 

We, at the University at Buffalo, have recently moved to a Microsoft A5
license and are currently working on rolling out many of the new features.
Currently we are planning our Windows Defender for Endpoint (Advanced Threat
Protection) rollout and have some decisions to make which we were hoping to
hear how others implemented this.  We have a few different shared computing
paradigms in which we are trying to decide if licensing the machine for
Defender for Endpoint is appropriate or if using just the embedded windows
defender from the operating system is adequate.  Some of these systems are
as follows:

 

Campus Public Labs:

These are VDI machines that are used by students.  The machines are
provisioned on demand and destroyed upon logout.

 

Department Labs:

These are bare metal machines shared by students located in a shared space
within a specific school.

 

Campus Clinics:

These are VDI/Citrix desktops that are used by students, like labs they are
provisioned on demand and destroyed upon logout, but process more sensitive
information than the labs.

 

Any thoughts or lessons learned from your implementation would be greatly
appreciated.  Thanks in advance!

 

Best,

Cathy

 

 

Dr. Catherine J Ullman

Senior Information Security Forensic Analyst

Information Security Office

University at Buffalo

cende () buffalo edu <mailto:cende () buffalo edu> 

 

 

 

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa
use.edu%2Fcommunity&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56cac4704c8f226
408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63746247298775084
4%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
wiLCJXVCI6Mn0%3D%7C1000&sdata=MmMcDqC7%2FRp9B%2FwjCd0hXSWDZyp54pOnKulQvPxcP8
g%3D&reserved=0>  

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa
use.edu%2Fcommunity&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56cac4704c8f226
408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63746247298776080
0%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
wiLCJXVCI6Mn0%3D%7C1000&sdata=3iDq4GNgiXfWrC9mG9NafiTYuytgY4pgtQ9lUbxU%2Fa0%
3D&reserved=0>  

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa
use.edu%2Fcommunity&data=04%7C01%7Ccende%40buffalo.edu%7Ca0ff56cac4704c8f226
408d8b8bde22a%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63746247298776080
0%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW
wiLCJXVCI6Mn0%3D%7C1000&sdata=3iDq4GNgiXfWrC9mG9NafiTYuytgY4pgtQ9lUbxU%2Fa0%
3D&reserved=0>  


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Attachment: smime.p7s
Description: