AirWatch provides a robust and highly customizable compliance policy engine that can help you create and enforce policies for employee-owned devices.

The compliance engine is a tool which ensures that all your enrolled devices abide by your policies, such as requiring a passcode and having a minimum device lock period.

When a device is determined to be out of compliance, the compliance engine warns users to address detected compliance errors. If the errors are not corrected in the specified time, the device loses access to content and functions according to the policies you define. Compliance policies and actions vary by platform.

Compliance policies appropriate for employee-owned devices include:

  • Encryption Enforcement: Require full device and SD card encryption.
  • Passcode Policies: Require a device or app passcode. Passcode policies provide hardware-level encryption and protect information in case a device is lost or stolen.

    Explicitly inform end users of any passcode policies, such as maximum failed attempts before device lock, in your Terms of Use agreement.

  • Compromised Detection: Because of the security risks to which jailbroken or rooted devices are exposed, they must not be granted access to corporate content. When devices are detected as compromised, AirWatch can automatically remove access to all corporate content enabled through MDM.
  • MDM Terms of Use Acceptance: Ensure that users accept your Terms of Use agreement by performing escalating actions that increasingly restrict access to corporate content the longer users go without accepting.

You can create compliance policies in the AirWatch Console by navigating to Devices > Compliance Policies > List View and selecting Add. Select the correct Ownership type on the Assignment tab for the devices you are configuring.

For more information about creating compliance policies, see the Compliance Policies Overview.