Skip to content Skip to site navigation

In September 2022, rates will change for several of the technology services provided by University IT. To view the majority of our planned rate changes for services that are broadly available to our community, please visit this page. For more information, please visit the rates section of our website.

Get Advanced Endpoint Security on Any Device With Cardinal Protect Virtual Desktop

January 11, 2022

Whether you work with High Risk Data or simply want more protection, Cardinal Protect provides an all-in-one managed secure desktop that includes modern endpoint management, enhanced threat detection, and automatic backups for optimal data protection.

 Cardinal Protect eliminates the need to use a separate Privileged Access Workstation (PAW) device to access administrative accounts and manage high-risk systems.




You can expect a comprehensive set of security features, including:

  • ​Modern endpoint management. Automated device management for more convenient software deployments. 
  • Advanced endpoint protection. Endpoint security platform delivered by Crowdstrike EDR to guard against breaches, data theft, and cyber-attacks. 
  • Automated backup. Automated backups with version control performed via CrashPlan to help fend off ransomware attacks that could make your data inaccessible.
  • Anytime, anywhere, any device access. The virtual desktop (VDI) version allows you to access highly sensitive data from your Stanford-issued laptop/desktop or mobile device via web browser, Horizon client on macOS, Windows OS, iOS and Android.

Designed for

  • Departments that want to provide a higher level of endpoint security for their users
  • Stanford University faculty and staff, including university directors and deans, who work with sensitive information or simply want more protection
  • System Administrators and other PAW users who want to simplify to one device for all their work



Windows Service

  • An existing Code42 CrashPlan Backup service subscription
  • Requires Windows 11 compatible devices with TPM 2.0, UEFI and Secure Boot capability
    • Windows 10 compatibility coming soon
  • Users may need to back up their Windows device before converting to Cardinal Protect
  • Windows OS must be within Microsoft’s support window.

macOS Service

  • An existing Code42 CrashPlan Backup service subscription
  • New or existing macOS devices with an Apple T2 or newer security chip
  • Devices must be purchased through Stanford procurement or the University bookstore and registered in Apple School Manager (ASM)
  • Users may need to back up their macOS device before converting to Cardinal Protect
  • Supported devices must be within the two most recent macOS versions. 

Virtual Desktop Service

  • An existing Code42 CrashPlan Backup service subscription
  • Windows 10+, macOS 10.14+, Linux, iOS 12+, and Android OS
  • Laptop, desktop, or mobile device that runs any of the previously mentioned operating systems 
  • Browser access requires HTML 5

Data security

This service meets the Information Security Office requirements.


See the Cardinal Protect rates page

Get started

  • To learn more about or to request Cardinal Protect, submit a Request
  • To get started with Cardinal Protect Virtual Desktop, submit a Request.

Get help

For questions or support

Learn more

Why must my device be registered in Apple School Management (ASM) for macOS Cardinal Protect?
ASM, which is Apple’s device management portal for educational institutions, enables the installation of Cardinal Protect. You can learn more about ASM by navigating to the Apple School User Guide.
How do I know if my device is registered in Apple School Management (ASM) for macOS Cardinal Protect?
If you have a Stanford device that was purchased through Smartmart or from the university bookstore, your device is registered in ASM upon purchase. ASM registration cannot be added to a device after purchase.
How do I back up and restore my macOS device?
Refer to Apple's Back up your Mac webpage for instructions on how to backup or restore your Mac. If you need additional technical assistance, contact your department IT support.
What are the benefits of Cardinal Protect for those who currently use Privileged Access Workstation (PAW)?
Cardinal protect simplifies your day-to-day work experience by providing the protection that you need on one single device, eliminating the need to use a separate PAW device to access administrative accounts.
Is Cardinal Key integrated with Cardinal Protect?
Cardinal Protect is integrated with Cardinal Key for easy, automatic installation of Cardinal Key upon deployment of Cardinal Protect.
Do I have to wipe my device before converting to Cardinal Protect?
Yes, in order for a macOS device to enroll with Cardinal Protect, it must be completely wiped.
What firewall limitations will be imposed?
Cardinal Protect devices will not be able to use SSH Remote Management, Remote Login, receive Airdrop, or utilize any other application that requires inbound connections. This is due to restrictions being placed on incoming connections in the macOS firewall.

See also

Last modified May 23, 2022