Assigning a Compliance Policy

About this task

Assign a compliance policy to devices to assess which ones are compliant. After creating a compliance policy, you can assign the compliance policy immediately or assign it later.

Note: You can assign many compliance policies to the same device. The device is non-compliant if it fails to meets the criterion of one compliance policy, even if it meets all the rest.

To assign a compliance policy to many devices:

Procedure

  1. In the Policies > Compliance view, select on a compliance policy's name to open its Compliance Policy Information panel and select the Assign button from the Compliance Policy Actions list.
    You can also right-click on the compliance policy and select > Assign.
    The Assign dialog box opens - see Assign (Compliance Policy).
  2. On the Devices tab of the Assign dialog box, select the device groups or devices that you want the compliance policy to target.
  3. Optional: Open the Users tab to choose which devices within the selected groups get assigned to the compliance policy. Select one or more directory service or identity provider (IdP) groups to specify that devices belonging to that group are either included or excluded from the compliance policy assignment.
  4. Optional: Move to the Filters tab to define filter criteria that further refines which devices receive the compliance policy.
    Note: The filter criteria utilize the same logic as the search function in the Devices view. You can create filters using a limited set of device and extended properties. Assignment filters can be saved across profiles and policies. You can also view, manage, modify, or delete saved filters.

    To save a filter, create your query and select Save. Ensure that you have the Manage Saved Assignment Filter and View Saved Assignment Filter permissions. When deleting assignment filters, you must first remove them from any profiles or policies that are using them.

  5. When you're finished, select Assign.

Results

The new compliance policy is now active. Each time the device checks in to SOTI MobiControl, the compliance policy runs. You can also run it immediately on all its target devices with the Run compliance policy action.