Compliance policy rules enable you to construct a solid foundation for your policy as the component parts of a policy. The actions, escalations, and assignments that follow are all built upon these rules.

Setting Description
Application List Detect specific blacklisted apps that are installed on a device, or detect all apps that are not whitelisted. You can prohibit certain apps (such as social media apps) and vendor-blacklisted apps, or permit only the apps you specify. You can also specify a minimum version number for an app.
Antivirus Status Detect whether or not an antivirus app is running. The compliance policy engine checks the Action Center on the device for an antivirus solution. If your third-party solution does not display in the action center, it reports as not monitored.
Cell Data/Message/Voice Use Detect when end-user devices exceed a particular threshold of their assigned telecom plan. For this policy to take effect Telecom must be configured. For more information, see the topic Introduction to Telecom.
Compliance Attribute*** Compare attribute keys in the device against third-party endpoint security, which returns a Boolean value representing device compliance.
Compromised Status

Detect if the device is compromised. Prohibit the use of jailbroken or rooted devices that are enrolled with AirWatch.

Jailbroken and rooted devices strip away integral security settings and may introduce malware in your network and provide access to your enterprise resources. Monitoring for compromised device status is especially important in BYOD environments where employees have various versions of devices and operating systems.

For more information about compromised device detection using VMware AirWatch, see the following Knowledge Base articles:  https://support.air-watch.com/articles/115001662748 and https://support.air-watch.com/articles/115001662508.

Device Last Seen Detect if the device fails to check in within an allotted time window.
Device Manufacturer Detect the device manufacturer allowing you to identify certain Android devices. You can specifically prohibit certain manufacturers or permit only the manufacturers you specify.
Encryption Detect whether or not encryption is enabled on the device.
Firewall Status Detect whether or not a firewall app is running. The compliance policy engine checks the Action Center on the device for a firewall solution. If your third-party solution does not display in the action center, it reports as not monitored.
Free Disk Space Detect the available storage space on the device.
iBeacon Area Detect whether your iOS device is within the area of an iBeacon Group. iBeacon is specific to iOS and is used to manage location awareness. For more information, please see iBeacon Overview.
Interactive Certificate Profile Expiry Detect when an installed profile on the device expires within the specified length of time.
Last Compromised Scan Detect if the device has not reported its compromised status within the specified schedule.
MDM Terms of Use Acceptance Detect if the end user has not accepted the current MDM Terms of Use within a specified length of time.
Model Detect the device model. You can specifically prohibit certain models or permit only the models you specify.
OS Version Detect the device OS version. You can prohibit certain OS versions or permit only the operating systems and versions you specify.
Passcode Detect whether a passcode is present on the device.
Roaming* Detect if the device is roaming.
Roaming Cell Data Use* Detect roaming cell data use against a static amount of data measured in MB or GB.
Security Patch Version** Detect the date of the Android device's most recent security patch from Google.
SIM Card Change* Detect if the SIM card has been replaced.
Windows Automatic Update Status Detect whether Windows Automatic Update has been activated. The compliance policy engine checks the Action Center on the device for an Update solution. If your third-party solution does not display in the action center, it reports as not monitored.
Windows Copy Genuine Validation Detect whether the copy of Windows currently running on the device is genuine.

* Only available for Telecom Advanced Users.

** Only available for Android version 6.0 and later.

*** Only available for Windows Desktop devices.

For details about compliance policies, including how to create one, see the VMware AirWatch Mobile Device Management Guide , available on AirWatch Resources.