by Spivak 2072 days ago
As much as I despise this kind of software as an end-user, the data collection can be for above-board purposes and is required in certain regulatory domains. Zero excuse for being a shitty application though.

In our case we were required to verify that any machine that connected to our VPN was sufficiently updated, had a backup taken, was running AV and was recently scanned for malware, and had disk encryption enabled with our recovery key.

3 comments

Anyone who requires this level of security for regulatory purposes should not have a BYOD policy at all. "Only fully-managed, organization-owned devices get to touch this data" is the only fair way to both maintain data security in highly regulated environments and not effectively take ownership over employees' (and, in a university context, students') computers.
Agreed. Enterprise 802.1X NAC policies are not compatible with BYOD users.
Sure, but it has no business doing this crap on university students' machines.

It's straight up malware that modifies things that can break your computer.

And it's not like they're going to offer support for fixing it.

All of these things are actually configured by your university. They are configuration options for the firewall that enforces the portal. Blame your university IT, not Palo Alto.
The software enables these excessive policies. Blame Palo Alto.
The policies are really not excessive; Palo Alto is designing for enterprises which would want many of these restrictions on their assets. It just so happens the software is flexible enough to be used in BYOD settings. The IT professionals in those settings need to do their due diligence and apply appropriate policies. This is a PICNIC/PEBKAC.
Regulations (I'm familiar with HIPAA/SOX/PCI) do not require specific technical implementations like this. These are just things that have been negotiated between IT and their auditor. Saying shitty IT policies are due to "regulation" is almost always a cop-out.