Add compliance policies that work with app groups to add a layer of security to the mobile network. Policy configurations enable the AirWatch compliance engine to take set actions on non-compliant devices.

  1. Navigate to Devices > Compliance Policies > List View. Select Add.

  2. Select the platform, Android, Apple iOS, or Apple macOS.
  3. Select Application List on the Rules tab.
  4. Select the options that reflect your desired compliance goals.

    Setting

    Description
    Contains

    Add the application identifier to configure the compliance engine to monitor for its presence on devices.

    If the engine detects the application is installed on devices assigned to the Compliance Rule, the engine performs the actions configured in the rule.

    Does Not Contain

    Add the application identifier to configure the compliance engine to monitor for its presence on devices.

    If the engine detects the application is not installed on devices assigned to the Compliance Rule, the engine performs the actions configured in the rule.

    Contains Blacklisted Apps If the engine detects applications listed in blacklisted app groups on devices assigned to the Compliance Rule, the engine performs the actions configured in the rule.
    Contains Vendor Blacklisted Apps

    Add applications from your application reputation scanning system to configure the compliance engine to monitor for their presence on devices.

    If the engine detects applications listed in these unique blacklisted app groups on devices assigned to the Compliance Rule, the engine performs the actions configured in the rule.

    Use this option if you integrate your App Scanning service with AirWatch. You must enable this option to view it in the menu. It is an advanced application management feature that requires the correct SKU for use.

    Contains Non-Whitelisted Apps If the engine detects applications not listed in whitelisted app groups on devices assigned to the Compliance Rule, the engine performs the actions configured in the rule.
    Does Not Contain Required Apps If the engine detects that devices assigned to the Compliance Rule are missing applications in required app groups, the engine performs the actions configured in the rule.
    Does Not Contain Version

    Add the application identifier and the application version the compliance engine monitors device to ensure the correct version of the application is installed on devices.

    If the engine detects the wrong version of the application is installed on devices assigned to the Compliance Rule, the engine performs the actions configured in the rule.

    You can get the Application Identifier from an app store or from its record in the AirWatch Console. Navigate to Apps & Books > Applications > List View > Internal or Public. Select View from the actions menu for the application and then look for the Application ID information.

  5. Select the Actions tab to set escalating actions to perform if a user does not comply with an application-based rule.

    The first action is immediate but is not compulsory to configure. Use it or delete it. You can augment or replace the immediate action with further delayed actions with the Add Escalations feature.

    Setting Description
    Mark as Not Compliant

    Enable the check box to tag devices that violate this rule, but once the device is tagged non-compliant and depending on escalation actions, the system might block the device from accessing resources and might block admins from acting on the device.

    Disable this option when you do not want to quarantine the device immediately.

    Application Select to remove the managed application.
    Command Select to configure the system to command the device to check in to the console, to perform an enterprise wipe, or to change roaming settings.
    Email Select to block email on the non-compliant device.
    Notify

    Select to notify the non-compliant device with an email, SMS, or push notification using your default template.

    You can also send a note to the admin concerning the rule violation.

    Profile Select to use AirWatch profiles to restrict functionality on the device.
  6. Select the Assignment tab to assign the Compliance rule to smart groups.

    Setting Description
    Managed By View or edit the organization group that manages and enforces the rule.
    Assigned Groups Type to add smart groups to which the rule applies.
    Exclusions Select Yes to exclude groups from the rule.
    View Device Assignment Select to view the devices affected by the rule.
  7. Select the Summary tab to name the rule and give it a brief description.

  8. Select Finish and Activate to enforce the newly created rule.

For information on compliance policies and app groups, see Application Groups and Compliance.