Device Compliance Policies

Overview

Implement custom policies that decide what characterizes a compliant device in your environment. Each compliance policy consists of a set of highly customizable criteria that uses filtering logic similar to the Devices search. Devices that match the specified criteria get flagged in the system as non-compliant and you can perform actions based on their compliance status.

You can create many compliance policies, each with different criteria, different actions, or different device group targets.

Compliance polices support Android, Apple, and Linux devices.

This section has the following topics:

Compliance policies run at every device check-in. You can identify non-compliant devices by a red exclamation mark in the Devices list. You can also check a device's compliance status in its Device Information panel or run a device search: Compliance Status = Non-Compliant. The Compliance Status (deprecated) device property specifically refers to a device's status regarding default compliance policies.

Default Compliance Polices

Recent versions of SOTI MobiControl significantly expanded the former functionality of compliance policies, which referred to a specific and limited set of criteria such as whether a device was:

Enrolled
Enabled
Wiped
Jailbroken or rooted

Device types which do not support custom compliance policies (such as Windows and Printers) continue to use this older standard. On Android Plus, Apple, and Linux devices, they remain as default compliance policies.

Warning: Do not edit or delete default policies as that can impact device compliance status evaluation.

Important: Default compliance policies for Android Plus, Apple, and Linux devices automatically target all root device groups (and their sub groups) that exist at the moment of upgrade or installation. You need to manually add any root groups you create after to the default compliance policy's assignment criteria.