
Get Advanced Endpoint Security on Any Device With Cardinal Protect Virtual Desktop

January 11, 2022

Whether you work with High Risk Data or simply want more protection, Cardinal Protect provides an all-in-one managed secure desktop that includes modern endpoint management, enhanced threat detection, and automatic backups for optimal data protection.

Cardinal Protect eliminates the need to use a separate Privileged Access Workstation (PAW) device to access administrative accounts and manage high-risk systems.

 

 

Features

You can expect a comprehensive set of security features, including:

  • Modern endpoint management. Automated device management for more convenient software deployments.
  • Advanced endpoint protection. Endpoint security platform delivered by CrowdStrike EDR to guard against breaches, data theft, and cyber-attacks.
  • Automated backup. Automated backups with version control performed via CrashPlan to help fend off ransomware attacks that could make your data inaccessible.
  • Anytime, anywhere, any device access. The virtual desktop (VDI) version allows you to access highly sensitive data from your Stanford-issued laptop/desktop or mobile device via web browser or the Horizon client on macOS, Windows OS, iOS and Android.
For Windows systems
  • Hardware reporting (model, serial, BIOS/TPM status)
  • Automated OS build version tracking/updates
  • Alerts issued for changes in System Integrity Protection and secure configurations
    • BigFix/Intune
    • CrowdStrike
    • BitLocker
  • Enforcement of local firewall, with default deny and reporting of open ports
  • Auto-install of core applications
    • Firefox/Chrome/Opera/Brave
    • uBlock Origin
    • Office 365
    • Jabber
    • Slack
    • Zoom
    • Cisco AnyConnect VPN
  • Automated system backup (CrashPlan)
  • Password management (Dashlane)
  • Local log monitoring
  • Remote wipe capability (under Intune)
For macOS systems
  • Hardware reporting (model, serial, etc.)
  • Automated OS version tracking/updates (n-1 supported)
  • Alerts issued for changes in System Integrity Protection and secure configurations
    • BigFix/Jamf
    • CrowdStrike
    • FileVault2
  • Alerting for changes to Apple File Sharing and Remote Desktop. SMB sharing disabled
  • Enforcement of local firewall, with default deny and reporting of open ports
  • Auto-install of core applications
    • Firefox/Chrome/Opera
    • Office 365
    • Jabber
    • Slack
    • Zoom
    • Cisco AnyConnect VPN
  • Automated system backup (CrashPlan)
  • Password management (Dashlane)
  • Local log monitoring
  • Remote wipe capability

Designed for

  • Departments that want to provide a higher level of endpoint security for their users
  • Stanford University faculty and staff, including university directors and deans, who work with sensitive information or simply want more protection
  • System Administrators and other PAW users who want to simplify to one device for all their work

 

Requirements

Windows Service
  • An existing Code42 CrashPlan Backup service subscription
  • Requires Windows 11 compatible devices with TPM 2.0, UEFI and Secure Boot capability
    • Windows 10 compatibility coming soon
  • Users may need to back up their Windows device before converting to Cardinal Protect
  • Windows OS must be within Microsoft’s support window.
macOS Service
  • An existing Code42 CrashPlan Backup service subscription
  • New or existing macOS devices with an Apple T2 or newer security chip
  • Devices must be purchased through Stanford procurement or the University bookstore and registered in Apple School Manager (ASM)
  • Users may need to back up their macOS device before converting to Cardinal Protect
  • Supported devices must be within the two most recent macOS versions. 
Virtual Desktop Service
  • An existing Code42 CrashPlan Backup service subscription
  • Windows 10+, macOS 10.14+, Linux, iOS 12+, and Android OS
  • Laptop, desktop, or mobile device that runs any of the previously mentioned operating systems 
  • Browser access requires HTML 5

Data security

This service meets the Information Security Office requirements.

Rates

See the Cardinal Protect rates page

Get started

  • To learn more about or to request Cardinal Protect, submit a Request.
  • To get started with Cardinal Protect Virtual Desktop, submit a Request.

Get help

For questions or support

Learn more

Why must my device be registered in Apple School Manager (ASM) for macOS Cardinal Protect?
ASM, which is Apple’s device management portal for educational institutions, enables the installation of Cardinal Protect. You can learn more about ASM by navigating to the Apple School User Guide.
How do I know if my device is registered in Apple School Manager (ASM) for macOS Cardinal Protect?
If you have a Stanford device that was purchased through Smartmart or from the university bookstore, your device is registered in ASM upon purchase. ASM registration cannot be added to a device after purchase.
How do I back up and restore my macOS device?
Refer to Apple's Back up your Mac webpage for instructions on how to back up or restore your Mac. If you need additional technical assistance, contact your department IT support.
What are the benefits of Cardinal Protect for those who currently use Privileged Access Workstation (PAW)?
Cardinal Protect simplifies your day-to-day work experience by providing the protection that you need on a single device, eliminating the need to use a separate PAW device to access administrative accounts.
Is Cardinal Key integrated with Cardinal Protect?
Cardinal Protect is integrated with Cardinal Key for easy, automatic installation of Cardinal Key upon deployment of Cardinal Protect.
Do I have to wipe my device before converting to Cardinal Protect?
Yes, in order for a macOS device to enroll with Cardinal Protect, it must be completely wiped.
What firewall limitations will be imposed?
Cardinal Protect devices will not be able to use SSH Remote Management or Remote Login, receive AirDrop, or use any other application that requires inbound connections. This is due to restrictions placed on incoming connections in the macOS firewall.


Last modified August 17, 2022