21.1 Creating and Assigning a Mobile Compliance Policy

To create a Mobile Compliance Policy:

  1. Click Policies in the left hand pane in ZCC.

  2. Click New > Policies and click Next.

  3. Click Mobile and click Next.

  4. Click General Mobile Policies and click Next.

  5. Click Mobile Compliance Policy and click Next.

  6. Specify a policy name, policy folder and a short description.

  7. Click the pre-defined event Non-compliance with Security Policy to configure the audit, restrict, and remediate settings for non-compliant devices. This event is applicable for devices that do not comply with the assigned Mobile Security Policy. Configure the following:

    • Audit: You can enable auditing for this event for devices that become non-compliant with the assigned Mobile Security Policy.

    • Restrict: You can enforce the following restrictions on non-compliant devices that will be applied after the specified number of days defined in the Restrict After field.

      • Restrict Work Apps on Android devices.

    • Remediate: You can enforce remediation actions, that is, Remove work profile or Factory reset the work-managed device, on non-compliant devices that will be applied after the specified number of days defined in the Remediate After field. The device will be unenrolled from ZENworks and retired.

    For example, if the number of days specified in the Restrict After field (appearing in the Restrict tab) is 1 and in the Remediate After field (appearing in the Remediate tab) is 2 for a device that was reported as non-compliant on January 1st, then the device will be allowed 1 day (24 hours) to become compliant again, failing which device restrictions will be applied on January 2nd. If the device does not become compliant even after 2 days (48 hours) of being non-compliant, the device remediation actions will be applied on January 3rd. The remediation actions will be applied irrespective of whether restrictions are applied on the device or not.

    NOTE:The restriction and remediation actions are applied only when the device syncs with the ZENworks server.

    You can also configure the event logging and notification settings for each of the Audit, Restrict, and Remediate settings:

    • Event Logging: To view the audit logs navigate to Audit and Messages > Events > Agent Events > Mobile > Compliance

      • Event Classification: Based on the nature of the event, classify the event as Critical, > Major or Informational.

      • Days to Keep: Specify the number of days to keep the audit log before purging it.

    • Event Notification: You can notify the user of device non-compliance by sending a message to the user’s device. On enabling, you can configure a custom message, which will be sent to the device.

  8. Review the summary page and click Finish.