Create/Edit Compliance Policy

Use this dialog box when:

Add compliance policies to SOTI MobiControl to define what makes a compliant device in your environment.

Enter a Name for the compliance policy. Names must be unique per device type. You can also add a description to the compliance policy to provide more information on its usage.

Non-Compliant Criteria

Select inside the Add a filter field to activate it. Start to type the name of a device or extended property to narrow the list, or scroll through the dropdown list to find a property.

Note: Devices that match the criteria specified here are non-compliant.

The compliance policy criteria filter uses the same search functionality as the Devices view search, though with a more limited number of properties. You can combine properties using Boolean operators. Available properties differ depending on the device type.

Learn more about crafting complex filters at Searching With Properties.

Note: macOS and iOS devices share a common criteria list. The following chart describes the supported criteria in each device category:
iOS and macOS iOS Only macOS Only
  • Apps
  • Certificates
  • Agent Check-in Time
  • Agent Disconnect Time
  • Agent Version
  • Available Memory
  • Available Storage
  • Battery Percentage
  • Device Mode
  • Enrollment Time
  • MDM Profile Updated On
  • OS Version
  • Passcode Enabled
  • Custom Attributes
  • Encrypted
  • OS Secure
  • Roaming
  • Custom Data
  • FDE Enabled
  • Processor Type
  • IP Address

Actions

Select Add to expand the Actions section and specify the actions SOTI MobiControl should perform on non-compliant devices.

If actions are not specified, the console flags non-compliant devices and takes no further action.

Choose an action and when to trigger it. Then, configure the settings specific to each action. You can add multiple actions to a compliance policy.

Note: Not all device types support all actions.
Action Description
Set Azure Conditional Access Enforces Microsoft 365 Conditional Access rules, as described in Microsoft 365 Integration - Conditional Access. Select Manage Microsoft 365 to configure these rules in Global Settings.

You can set the Execution Time of these Conditional Access rules to Immediately or a Custom time.

Block Email Access Prevents device users from accessing their Microsoft Exchange email accounts.
Note: Configure an active Microsoft Exchange Server in SOTI MobiControl. macOS does not support the Block Email Access action.
Note: The Microsoft Outlook app does not support this feature. Android users must use the native Gmail app. Likewise, Apple iOS users must use their native mail app.

Choose an Exchange Server from the dropdown list.

Email Notification Sends an email notification to non-compliant devices.
Note: You must configure an email profile in SOTI MobiControl.
Choose the Template Type to use when sending the email notification.
  • Choose User Email to notify users of non-compliant devices and the actions required to achieve compliance. The To: field is automatically pre-populated with the enrolled user email address macro.
  • Choose Administrator Email to email a list of all non-compliant devices.
  • Fill in the email recipient fields.
Tip: To view the templates, send a test email to your email address.