SDK App Compliance profiles help monitor and enforce compliance on devices that have Workspace ONE SDK-built apps. Devices with these profiles do not require an MDM profile and can be offline and still comply with app security policies.
Find settings in.
Block and Wipe Functions for SDK App Compliance Settings
SDK App Compliance identifies non-compliant devices that have SDK-built applications installed and acts with the block or wipe function. It identifies non-compliance when a device's status satisfies the configured rules.
- Wipe - The Wipe action, also called an enterprise wipe, clears privileged corporate data off devices that are not compliant with the applicable parameter. The system does not perform wipe actions on data unrelated to the enterprise. SDK App Compliance settings that use this action include the following list.
  Note: The wipe function for Application Inactivity is not an enterprise wipe. The system wipes only the data on the device that pertains to the SDK-built app.
  - OS Version
  - Security Patch Date
- Block - The Block action prevents user access to SDK-built applications that meet a configured parameter. SDK App Compliance settings that use this action include the following list.
  - App Version
  - OS Version
  - Security Patch Date
App Version
Restricts devices from accessing SDK-built applications unless the version is approved.
You cannot add more than one version of an SDK-built application.
Here is an example of how to configure this setting. Enter and select Workspace ONE Boxer, select Less Than, and enter 4.9. This group of parameters sets the SDK to block access to any version of Workspace ONE Boxer that is earlier than v4.9. This text box evaluates version identifiers as numeric values separated by periods, for example, 2.3.5 or 188.8.131.52. If your version contains non-numeric values, like 2.a.5, the SDK uses only the leading numeric values and evaluates this version as 2. It evaluates a version number of 2.3.4.a as 2.3.4.
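The evaluation rule described above, as an added sketch that is not part of the original page and is not Workspace ONE SDK code: it reduces a version string to its leading numeric components and reports which installed versions a rule would match. The zero-padding of shorter versions, the treatment of mixed fields such as `3a`, and all function names are assumptions.

```python
import operator

# Operator labels come from the page's examples; mapping them to Python
# comparisons is an assumption of this sketch.
OPERATORS = {"Less Than": operator.lt, "Greater Than or Equal To": operator.ge}

def leading_numeric(version):
    """Return (parts, truncated): leading all-numeric dot-separated fields
    as ints, plus a flag saying whether any trailing field was dropped."""
    fields = version.strip().split(".")
    parts = []
    for field in fields:
        # Assumption: a mixed field such as "3a" ends the numeric prefix.
        if not (field.isascii() and field.isdigit()):
            break
        parts.append(int(field))
    return tuple(parts), len(parts) != len(fields)

def rule_matches(installed, op_name, threshold):
    """True when the installed version satisfies the rule, i.e. the
    configured action (block or wipe) would apply."""
    inst, _ = leading_numeric(installed)
    thr, _ = leading_numeric(threshold)
    if not inst or not thr:
        raise ValueError("no leading numeric component to evaluate")
    # Assumption: missing trailing components count as 0 (4.9 == 4.9.0).
    width = max(len(inst), len(thr))
    inst += (0,) * (width - len(inst))
    thr += (0,) * (width - len(thr))
    return OPERATORS[op_name](inst, thr)

def audit(versions, op_name, threshold):
    """Map each version to (evaluated_as, rule_matched, truncated)."""
    report = {}
    for v in versions:
        parts, truncated = leading_numeric(v)
        evaluated_as = ".".join(str(p) for p in parts)
        report[v] = (evaluated_as, rule_matches(v, op_name, threshold), truncated)
    return report

if __name__ == "__main__":
    # Constructed sample inventory; the rule is the page's "Less Than 4.9".
    sample = ["4.8.2", "4.9", "4.10.0", "2.a.5", "2.3.4.a", "5.beta.1"]
    for version, row in audit(sample, "Less Than", "4.9").items():
        print(f"{version:10} evaluated_as={row[0]:6} matched={row[1]} truncated={row[2]}")
```

A version that is flagged as truncated but does not match the rule is worth reviewing, because everything after the first non-numeric field plays no part in the decision.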
Application Inactivity
Restricts devices from accessing SDK-built applications when the applications stay inactive for a specified number of days. When enabled, application data is wiped when an iOS or Android application (specified by an app ID) reaches the allowed days of inactivity (1-90 days).
This policy does not impact older versions of apps.
This feature works for apps built with the Workspace ONE SDK v20.2 or later.
OS Version
Restricts devices that are not on compliant OS versions from accessing your enterprise resources.
Here is an example of how to configure this setting. Select Greater Than or Equal To, and enter Android 4.4.2. This group of parameters sets the SDK to block access to, or wipe, an Android device that runs either 4.4.2 or an OS version later than 4.4.2. This configuration approves of Android OS version 4.4.1 and earlier.
Security Patch Date
Restricts Android devices that are on a security patch older than a specified date. In the Before text box, enter a date that identifies the minimum approved security patch that you require Android devices to run. If an Android device runs a patch published before this date, the SDK acts with the configured action.
Where to Get Data
- App Compliance Reported Non Compliant has a severity of Warning.
- App Compliance Reported Compliant has a severity of Information.