The University of Pittsburgh provides a layered set of security tools at no cost to students, faculty, and staff. No single tool is sufficient on its own — antivirus catches what reaches the endpoint, VPN protects the connection, encryption protects data at rest, and multifactor authentication protects the account. Use this article to find the right tool for what you're trying to protect, who it's available to, and where to get it.
For University-managed computers, most of this is already done for you.
University-managed Windows and Mac computers come with Microsoft Defender for Endpoint and the recommended baseline configuration preinstalled. The tools below are the ones individuals install themselves on personal devices, plus the discovery and encryption tools available through the Software Download Service.
At a Glance
Pitt-provided security tools by category, audience, and access point
| Category | Tool | Who Can Use It | Where to Get It |
| --- | --- | --- | --- |
| Multifactor Auth | Duo | Students, Faculty, Staff | Pitt Passport & Duo |
| Antivirus | Microsoft Defender / Defender for Endpoint | Students, Faculty, Staff | Antivirus for Personal Devices |
| Secure Connection | PittNet VPN (GlobalProtect) | Students, Faculty, Staff | PittNet VPN service page |
| OS & Software Updates | Windows Update / macOS Software Update | Students, Faculty, Staff | Built into the operating system |
| File Encryption | SecureZIP (Windows) | Students, Faculty, Staff | Getting Started with SecureZIP — Windows |
| Full-Disk Encryption | BitLocker (Windows) / FileVault (macOS) | Faculty, Staff | Departmental IT or Technology Help Desk |
| Email Encryption | Outlook message encryption | Students, Faculty, Staff | Outlook Email Encryption Security Guide |
| Sensitive Data Discovery | Spirion Identity Finder | Faculty, Staff, Dept. IT | Software Download Service |
| Vulnerability Scans | Departmental security consultation | Departmental IT staff | Security Vulnerability Assessment service |
| Email Threat Protection | Exchange Online Protection, Safe Links | Students, Faculty, Staff | Threat Protection service |
Multifactor Authentication (Duo)
Duo is required for any service that authenticates through Pitt Passport — my.pitt.edu, Microsoft 365 (Outlook, Teams, OneDrive), Canvas, PeopleSoft, Pitt Worx, Box, DocuSign, EZproxy, PittNet VPN, and the rest of the single sign-on ecosystem. A stolen password alone does not give an attacker access to a Duo-protected account.
Phishing-resistant methods are recommended for new enrollments.
Pitt Digital recommends platform authenticators (Touch ID, Windows Hello, Face ID) and hardware security keys for new Duo enrollments. These resist the credential-phishing attacks that target push-notification approval.
Enroll in Pitt Passport & Duo →
Antivirus and Anti-spyware
Antivirus is the endpoint layer — it protects the device itself against malware that gets past mail filtering or arrives over the web or removable media. Pitt provides antivirus at no cost for personal Windows and Mac computers, and University-managed computers receive Microsoft Defender for Endpoint centrally.
PERSONAL DEVICES
Antivirus for Personal Devices
Step-by-step guidance for Windows and Mac, including the built-in Microsoft Defender on Windows and recommended options for macOS.
Antivirus for Personal Devices →
UNIVERSITY-OWNED
Antivirus on University Systems
How Microsoft Defender for Endpoint is managed on University-owned computers and what to expect from centralized monitoring.
Antivirus for University Owned Systems →
Secure Connection
PittNet VPN (GlobalProtect) lets students, faculty, and staff connect to restricted University resources when off campus or when on the PittNet wireless network. The VPN encrypts traffic between your device and Pitt's network and is required to reach some administrative systems and library resources from off campus.
Duo is required to authenticate to the VPN.
GlobalProtect uses Pitt Passport, so you will be prompted for a Duo second factor each time you connect. Enroll in Duo before installing GlobalProtect if you have not already.
PittNet VPN (GlobalProtect) →
Software & Operating System Updates
Every operating system and application carries software bugs, and some of those bugs are security flaws that attackers actively exploit. Keeping your operating system and applications current — and configured to update automatically — is the single highest-leverage security practice for a personal device.
WINDOWS
Windows Update
Microsoft releases security updates for Windows and other Microsoft products through Windows Update. Configure it to download and install updates automatically.
Windows Update FAQ (Microsoft) →
macOS
macOS Software Update
Apple delivers free updates through System Settings and the App Store. Configure macOS to install security responses and operating-system updates automatically.
Update macOS (Apple Support) →
University-managed computers are patched centrally.
If your computer is managed by a Pitt department, OS and application updates are scheduled and deployed by your local IT — you do not need to manage Windows Update or macOS Software Update yourself.
Encryption
Encryption protects data at rest and in transit — on a hard drive, on removable media, or inside an email message. Pitt provides three complementary capabilities:
📄 File-Level Encryption (SecureZIP) All Users · Windows
SecureZIP encrypts individual files or folders on Windows computers, producing a password-protected archive you can safely store on a removable drive or attach to an email. It also integrates with Outlook for encrypted email attachments. Available to students, faculty, and staff at no cost through the Software Download Service.
Practical guidance:
- Encrypt files before copying them to a portable device (USB drives, external disks, CDs).
- If you encrypt a file after copying it to portable media, delete the original unencrypted copy.
- Maintain encryption on backup media — a backup of encrypted data should remain encrypted.
- In SecureZIP, confirm Strong encryption is selected: Tools → Options → Security → Encryption tab.
Getting Started with SecureZIP — Windows →
💽 Full-Disk Encryption (BitLocker / FileVault) Faculty & Staff
Full-disk encryption protects every file on a device if the computer is lost or stolen. Pitt uses Microsoft BitLocker on Windows and Apple FileVault on macOS. Full-disk encryption is the recommended baseline for any computer used to access Sensitive or Restricted University data.
Coordinate with departmental IT before enabling full-disk encryption.
On University-managed computers, departmental IT controls full-disk encryption centrally — including escrow of recovery keys. Enabling encryption outside the managed workflow can lock you out of your own data if a recovery key is lost. Contact your local IT Administrator, or the Technology Help Desk at 412-624-HELP (4357), to schedule encryption.
✉ Email Encryption (Outlook) All Users
Outlook email encryption keeps sent messages from being read by unauthorized parties if they are intercepted in transit. Encrypting messages that carry Sensitive or Restricted data is strongly recommended — and in some cases required — to protect University and personal information.
The full guide covers when to encrypt, the available encryption options in Outlook (desktop, web, and mobile), and how to verify a recipient can decrypt the message.
Outlook Email Encryption Security Guide →
Security Vulnerability Scans
Departmental vulnerability assessments — identifying missing patches, weak configurations, and known-vulnerable software on Windows, Mac, and Linux endpoints and servers — are coordinated through Pitt Digital Security under the Security Vulnerability Assessment service. Departmental IT staff can request a consultation to scope a scan, review findings, and plan remediation.
Sensitive Information Discovery
Spirion Identity Finder is the tool of record for sensitive data discovery at Pitt. Spirion scans workstations (and, with departmental IT, servers) for sensitive information that may be stored locally — Social Security numbers, payment card data, protected health information, and other regulated data types — and helps you remediate findings by deleting, redacting, or encrypting them in place.
Running a discovery scan periodically is the most reliable way to find data that shouldn't be on an endpoint: forgotten exports from a system of record, draft documents that were never deleted, or files inherited from a previous employee. Even if you believe no sensitive data is stored locally, run a scan — the most common Spirion finding is data the owner had genuinely forgotten was there.
Download Spirion from the Software Download Service →
Act on findings promptly.
A scan that finds Restricted data on an endpoint creates a documentation trail. Move the data to an approved storage location (or delete it if it is no longer needed) before closing the scan record — and report any suspected unauthorized exposure to Pitt Digital Security immediately.
Email Threat Protection
Pitt Email (Outlook) includes Exchange Online Protection to filter spam, viruses, and phishing before messages reach your inbox, plus Safe Links to evaluate URLs in real time when you click them. Both controls are enabled by default for every Pitt mailbox — no installation required.
Threat Protection service →
Key Contacts
- Technology Help Desk, 412-624-HELP (4357): Installation help, tickets, general support
- Pitt Digital Security, via Help Desk: Suspected incidents, account compromise
- Software Download Service, software.pitt.edu: Download SecureZIP, Spirion, and other licensed tools