Create/Edit Compliance Policy

Use this dialog box when:

Add compliance policies to SOTI MobiControl to define what makes a compliant device in your environment.

Enter a Name for the compliance policy. Names must be unique per device type. You can also add a description to the compliance policy to provide more information on its usage.

Non-Compliant Criteria

Click inside the Add a filter field to activate it. Start typing the name of a device or extended property to narrow down the list, or scroll through the dropdown list to find a property.

Note: Devices that match the criteria specified here are deemed non-compliant.

The compliance policy criteria filter uses the same search functionality as the Devices view search, though with a more limited number of properties. You can combine multiple properties using Boolean operators. Available properties differ depending on device type.

Learn more about crafting complex filters at Advanced Search.

Note: macOS and iOS devices share a common criteria list. The following chart describes which criteria are supported in each device category:
iOS and macOS iOS Only macOS Only
  • Apps
  • Certificates
  • Agent Check-in Time
  • Agent Disconnect Time
  • Agent Version
  • Available Memory
  • Available Storage
  • Battery Percentage
  • Device Mode
  • Enrollment Time
  • MDM Profile Updated On
  • OS Version
  • Passcode Enabled
  • Custom Attributes
  • Encrypted
  • OS Secure
  • Roaming
  • Custom Data
  • FDE Enabled
  • Processor Type
  • IP Address

Actions

Click Add to expand the Actions section and specify the actions SOTI MobiControl should perform on non-compliant devices.

Actions are not required. If you do not specify any actions, non-compliant devices are simply flagged as non-compliant in the console and no further actions are taken.

Choose an action and when it should be triggered: immediately after a device is found non-compliant or after a delay. Then, configure the settings specific to each action. You can add multiple actions to a compliance policy.

Note: Not all actions are supported on all device types.
Action: Set Azure Conditional Access
Description: Enforces Microsoft 365 Conditional Access rules, as described in Microsoft 365 Integration - Conditional Access. Click Manage Microsoft 365 to configure these rules in Global Settings.

You can set the Execution Time of these Conditional Access rules to Immediately or a Custom time.

Action: Block Email Access
Description: Prevents device users from accessing their Microsoft Exchange email accounts.
Note: There must be an active Microsoft Exchange Server configured in SOTI MobiControl.

Choose an Exchange Server from the dropdown list.

Action: Email Notification
Description: Sends an email notification to non-compliant devices.
Note: An email profile must be configured in SOTI MobiControl.

Choose which Template Type to use when sending the email notification.

  • Choose User Email to send an email to the non-compliant user indicating that their device is currently non-compliant and what actions they should perform to achieve compliance. The To: field is automatically pre-populated with the enrolled user email address macro.
  • Choose Administrator Email to send an email with a list of all non-compliant devices.
Tip: To view the templates, send a test email to your own email address.

Fill in the email recipient fields.