12.6 Monitoring Device Compliance

To ensure that devices are compliant with the assigned rules and policies, you can create and assign a Mobile Compliance Policy to the Android devices enrolled in the work profile mode. The Mobile Compliance Policy contains a pre-defined event based on which the compliance of a device is monitored. Using the Compliance Dashboard you can view the compliance status of the devices.

12.6.1 Creating and Assigning a Mobile Compliance Policy

To create a Mobile Compliance Policy:

  1. Click Policies in the left hand pane in ZCC.

  2. Click New > Policies and click Next.

  3. Click Mobile and click Next.

  4. Click General Mobile Policies and click Next.

  5. Click Mobile Compliance Policy and click Next.

  6. Specify a policy name, policy folder and a short description.

  7. Click the pre-defined event Non-compliance with Security Policy to configure the audit, restrict, and remediate settings for non-compliant devices. This event is applicable for devices that do not comply with the assigned Mobile Security Policy. Configure the following:

    • Audit: You can enable auditing for this event for devices that become non-compliant with the assigned Mobile Security Policy.

    • Restrict: You can enforce the following restrictions on non-compliant devices that will be applied after the specified number of days defined in the Restrict After field.

      • Restrict Work Apps on Android devices enrolled in the work profile mode

    • Remediate: You can enforce the following remediation actions on non-compliant devices that will be applied after the specified number of days defined in the Remediate After field.

      • Remove Work Profile on Android devices. The device is unenrolled from ZENworks and retired.

    For example: if the number of days specified in the Restrict After field (appearing in the Restrict tab) is 1 and in the Remediate After field (appearing in the Remediate tab) is 2 for a device that was reported as non-compliant on January 1st, then the device will be allowed 1 day (24 hours) to become compliant again, failing which device restrictions will be applied on January 2nd. If the device does not become compliant even after 2 days (48 hours) of being non-compliant, the device remediation actions will be applied on January 3rd. The remediation actions will be applied irrespective of whether restrictions are applied on the device or not.

    NOTE:The restriction and remediation actions are applied only when the device syncs with the ZENworks server.

    You can also configure the event logging and notification settings for each of the Audit, Restrict, and Remediate settings:

    • Event Logging: To view the audit logs navigate to Audit and Messages > Events > Agent Events > Mobile > Compliance

      • Event Classification: Based on the nature of the event, classify the event as Critical, > Major or Informational.

      • Days to Keep: Specify the number of days to keep the audit log before purging it.

    • Event Notification: You can notify the user of device non-compliance by sending a message to the user’s device. On enabling, you can configure a custom message, which will be sent to the device.

  8. Review the summary page and click Finish.

12.6.2 Viewing the Compliance Dashboard

The compliance dashboard provides a single view of the compliance status of the devices in the zone. To view the compliance dashboard, from the left hand pane in ZCC click Mobile Management > Dashboard. A pie chart displayed at the top of the page provides a summary of the compliance status for all the mobile devices. You can click each slice of the pie chart to filter the data displayed in the table below as per the selected compliance status.

You can perform the following actions in the table:

Search/Filter: You can filter the data displayed in the table by specifying the device name or the user name in the search field. You can further filter the data to view devices as per their compliance status. Select the appropriate compliance status from the drop-down list appearing next to the search field.

Show/Hide Columns: To display the columns in the summary page, click and select the appropriate columns. The columns available for display are as follows:

  • Device: Displays the name of the device that is being monitored for compliance. You can click the device to view the device information.

  • User: Displays the name of the user with whom the device is associated.

  • Platform: Displays the operating system installed on the device.

  • Last Contact: Displays the date or time when the device last contacted the ZENworks server.

  • Status: Displays the compliance status of the device. If the status is non-compliant, you can click this status to get more information about the event based on which the device is considered non-compliant.

  • Non-compliant Since: Displays the date or time since the device was considered non-compliant.

  • Current State: Displays the existing status of the compliance check, that is, whether the device is in Audit, Restrict or Remediate state.

  • Restricted On: Displays the date or time when restrictions were imposed on the device.

  • Remediated On: Displays the date or time when remediation actions were taken on the device.

Update View: Click to refresh the dashboard page.