Device Compliance Policies

Overview

Implement custom policies that determine what characterizes a compliant device in your environment. Each compliance policy consists of a set of highly customizable criteria that uses filtering logic similar to the Devices search. Devices that match the specified criteria are flagged in the system as non-compliant and you can perform actions based on their compliance status.

You can create multiple compliance policies, each with different criteria, different actions, or different device group targets.

Compliance polices are supported on Android, Apple, and Linux devices.

This section contains the following topics:

Compliance policies are run at every device check-in. Non-compliant devices are marked with a red exclamation mark in the Devices list. You can also check a device's compliance status in its Device Information panel or run a device search: Compliance Status = Non-Compliant. The Compliance Status (deprecated) device property specifically refers to a device's status regarding default compliance policies.

Default Compliance Polices

SOTI MobiControl 15.1.0 significantly expanded the former functionality of compliance policies. Previously, compliance referred to a specific and limited set of criteria such as whether a device was:

  • Enrolled
  • Enabled
  • Wiped
  • Jailbroken or rooted

Device types which do not support custom compliance policies (such as Windows and Printers) continue to use this older standard. On Android Plus, Apple, and Linux devices, they remain as default compliance policies.

Warning: Do not edit or delete default policies as that can impact device compliance status evaluation.
Important: Default compliance policies for Android Plus, Apple, and Linux devices automatically target all root device groups (and their sub groups) that exist at the moment of upgrade or installation. You need to manually add any root groups you create afterwards to the default compliance policy's assignment criteria.