Compliance policy rules enable you to construct a solid foundation for your policy as the component parts of a policy. The actions, escalations, and assignments that follow are all built upon these rules.
|Application List||Detect specific blacklisted apps that are installed on a device, or detect all apps that are not whitelisted. You can prohibit certain apps (such as social media apps) and vendor-blacklisted apps, or permit only the apps you specify. You can also specify a minimum version number for an app.|
|Antivirus Status||Detect whether or not an antivirus app is running. The compliance policy engine checks the Action Center on the device for an antivirus solution. If your third-party solution does not display in the action center, it reports as not monitored.|
|Cell Data/Message/Voice Use||Detect when end-user devices exceed a particular threshold of their assigned telecom plan. For this policy to take effect Telecom must be configured.
|Compliance Attribute***||Compare attribute keys in the device against third-party endpoint security, which returns a Boolean value representing device compliance.|
Detect if the device is compromised. Prohibit the use of jailbroken or rooted devices that are enrolled with Workspace ONE ™ UEM.
Jailbroken and rooted devices strip away integral security settings and can introduce malware in your network and provide access to your enterprise resources. Monitoring for compromised device status is especially important in BYOD environments where employees have various versions of devices and operating systems.
For more information about compromised device detection using VMware, see the following Knowledge Base articles: https://support.air-watch.com/articles/115001662748 and https://support.air-watch.com/articles/115001662508.
|Device Last Seen||Detect if the device fails to check in within an allotted time window.|
|Device Manufacturer||Detect the device manufacturer allowing you to identify certain Android devices. You can specifically prohibit certain manufacturers or permit only the manufacturers you specify.|
|Encryption||Detect whether or not encryption is enabled on the device.|
|Firewall Status||Detect whether or not a firewall app is running. The compliance policy engine checks the Action Center on the device for a firewall solution. If your third-party solution does not display in the action center, it reports as not monitored.|
|Free Disk Space||Detect the available storage space on the device.|
|iBeacon Area||Detect whether your iOS device is within the area of an iBeacon Group.
|Interactive Certificate Profile Expiry||Detect when an installed profile on the device expires within the specified length of time.|
|Last Compromised Scan||Detect if the device has not reported its compromised status within the specified schedule.|
|Model||Detect the device model. You can specifically prohibit certain models or permit only the models you specify.|
|OS Version||Detect the device OS version. You can prohibit certain OS versions or permit only the operating systems and versions you specify.|
|Passcode||Detect whether a passcode is present on the device.|
|Roaming*||Detect if the device is roaming.|
|Roaming Cell Data Use*||Detect roaming cell data use against a static amount of data measured in MB or GB.|
|Security Patch Version**||Detect the date of the Android device's most recent security patch from Google.|
|SIM Card Change*||Detect if the SIM card has been replaced.|
|Windows Automatic Update Status||Detect whether Windows Automatic Update has been activated. The compliance policy engine checks the Action Center on the device for an Update solution. If your third-party solution does not display in the action center, it reports as not monitored.|
|Windows Copy Genuine Validation||Detect whether the copy of Windows currently running on the device is genuine.|
* Only available for Telecom Advanced Users.
** Only available for Android version 6.0 and later.
*** Only available for Windows Desktop devices.