When Compliance Check is enabled, you create an access policy rule that requires authentication and device compliance verification for devices managed by Workspace ONE UEM.

The compliance checking policy rule works in an authentication chain with Mobile SSO for iOS, Mobile SSO for Android, and Certificate cloud deployment. When configuring the rule, the authentication method to use must precede the device compliance method.


Authentication methods configured and associated to a built-in identity provider.

Compliance checking enabled in the VMware Identity Manager AirWatch page.


  1. In the VMware Identity Manager console Identity & Access Management tab, select Manage > Policies.
  2. Click Edit Default Policy.
  3. Click Next.
  4. Click Add Policy Rule to add a rule, or select a rule to edit.



    If a user's network range is

    Verify that the network range is correct, If adding a rule, select the network range.

    and user accessing content from

    Select the mobile device type.

    and user belongs to groups

    If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy applies to all users.

    Then perform this action

    Select Authenticate using....

    then the user may authenticate using

    Select the mobile device authentication method to apply.

    Click + and in the drop-down menu select Device Compliance (with AirWatch).

    If the preceding methods fails or is not applicable, then

    Configure the fallback authentication method, if necessary.

    Re-authenticate after

    Select the length of the session, after which users must authenticate again.

  5. Click Save.