Create/Edit Compliance Policy

Use this dialog box when:

Add compliance policies to SOTI MobiControl to define what makes a compliant device in your environment.

Enter a Name for the compliance policy. Names must be unique per device type. You can also add a description to the compliance policy to provide more information on its usage.

Non-Compliant Criteria

Select inside the Add a filter field to activate it. Start to type the name of a device or extended property to narrow the list, or scroll through the dropdown list to find a property.

Note: Devices that match the criteria specified here are non-compliant.

The compliance policy criteria filter uses the same search functionality as the Devices view search, though with a more limited number of properties. You can combine properties using Boolean operators. Available properties differ depending on the device type.

Learn more about crafting complex filters at Searching With Properties.

Note: macOS and iOS devices share a common criteria list. The following chart describes the supported criteria in each device category:
iOS and macOS iOS Only macOS Only
  • Apps
  • Certificates
  • Agent Check-in Time
  • Agent Disconnect Time
  • Agent Version
  • Available Memory
  • Available Storage
  • Battery Percentage
  • Device Mode
  • Enrollment Time
  • MDM Profile Updated On
  • OS Version
  • Passcode Enabled
  • Custom Attributes
  • Encrypted
  • OS Secure
  • Roaming
  • Custom Data
  • FDE Enabled
  • Processor Type
  • IP Address

Actions

Select Add to expand the Actions section and specify the actions SOTI MobiControl should perform on non-compliant devices.

If actions are not specified, the console flags non-compliant devices and takes no further action.

Choose an action and when to trigger it. Then, configure the settings specific to each action. You can add multiple actions to a compliance policy.

Note: Not all device types support all actions.
Action Description
Report Compliance Status to Microsoft Entra ID Sends the device’s compliance status from SOTI MobiControl to Microsoft Entra ID.
Note: See Microsoft Integration | Conditional Access for more details.
Block Email Access Prevents device users from accessing their Microsoft Exchange email accounts.
Note: Requires an active Microsoft Exchange Server connection in SOTI MobiControl. For Apple devices, this selection is currently supported in iOS but not macOS.
Email Notification Sends an email message whenever the compliance policy registers a device as non-compliant.
Note: You can send the email message to the non-compliant device or another user.
Note: Requires an email profile.
Set SOTI Identity Conditional Access Enforces SOTI Identity conditional access rules, as described under SOTI Identity.
Note: For more information on how to set up the connection between SOTI Identity and SOTI MobiControl, see SOTI Identity.