To ensure that devices are compliant with the assigned rules and policies, you can create and assign a Mobile Compliance Policy to the Android devices enrolled in the work profile and work-managed device mode. The Mobile Compliance Policy contains a pre-defined event based on which the compliance of a device is monitored. Using the Compliance Dashboard you can view the compliance status of the devices.
To create a Mobile Compliance Policy:
Click Policies in the left hand pane in ZCC.
Click New > Policies and click Next.
Click Mobile and click Next.
Click General Mobile Policies and click Next.
Click Mobile Compliance Policy and click Next.
Specify a policy name, policy folder and a short description.
Click the pre-defined event Non-compliance with Security Policy to configure the audit, restrict, and remediate settings for non-compliant devices. This event is applicable for devices that do not comply with the assigned Mobile Security Policy. Configure the following:
Audit: You can enable auditing for this event for devices that become non-compliant with the assigned Mobile Security Policy.
Restrict: You can enforce the following restrictions on non-compliant devices that will be applied after the specified number of days defined in the Restrict After field.
Restrict Work Apps on Android devices.
Remediate: You can enforce remediation actions, that is, Remove work profile or Factory reset the work-managed device, on non-compliant devices that will be applied after the specified number of days defined in the Remediate After field. The device will be unenrolled from ZENworks and retired.
For example: if the number of days specified in the Restrict After field (appearing in the Restrict tab) is 1 and in the Remediate After field (appearing in the Remediate tab) is 2 for a device that was reported as non-compliant on January 1st, then the device will be allowed 1 day (24 hours) to become compliant again, failing which device restrictions will be applied on January 2nd. If the device does not become compliant even after 2 days (48 hours) of being non-compliant, the device remediation actions will be applied on January 3rd. The remediation actions will be applied irrespective of whether restrictions are applied on the device or not.
NOTE:The restriction and remediation actions are applied only when the device syncs with the ZENworks server.
You can also configure the event logging and notification settings for each of the Audit, Restrict, and Remediate settings:
Event Logging: To view the audit logs navigate to Audit and Messages > Events > Agent Events > Mobile > Compliance
Event Classification: Based on the nature of the event, classify the event as Critical, > Major or Informational.
Days to Keep: Specify the number of days to keep the audit log before purging it.
Event Notification: You can notify the user of device non-compliance by sending a message to the user’s device. On enabling, you can configure a custom message, which will be sent to the device.
Review the summary page and click Finish.
The compliance dashboard provides a single view of the compliance status of the devices in the zone.
For more information on the Compliance Dashboard feature, see Dashboard.