Compliance Rules

Overview

Compliance rules determine whether a device meets compliance requirements based on defined criteria. These rules can be applied to selected devices, device types, or device groups.

A device is considered non-compliant if it fails to meet one or more of the conditions defined in a compliance policy. Non-compliant devices are flagged in the system and may trigger alerts, actions, or restrictions based on organizational policies.

The Compliance Rules tab on the Rules page provides a centralized view of all existing compliance policies, where you can edit, assign, or delete them.

Note: Compliance rules only support non-compliant criteria.

The following topics describe how to set up and use compliance policies:

How Compliance Rules Evaluate

Unlike individual compliance rules, related compliance rules are evaluated together as a group. When multiple related rules apply to a device, their combined results determine whether the device is compliant. If any rule within the group indicates non-compliance, the entire group will be marked as non-compliant, regardless of the results of other rules in the group

For example:

Device #1 is evaluated by Rule #2, Rule #3, and Rule #4.
It is compliant with Rule #2 and Rule #4 but non-compliant with Rule #3.
Result: Device #1 is considered non-compliant overall.

When Compliance Rules Evaluate

Compliance rules are evaluated in the following situations:

When a device’s state changes: All compliance rules related to the changed state are evaluated.
When a compliance rule is created: All compliance rules, including the new one are evaluated.
When a compliance rule is modified: All compliance rules are re-evaluated.
When a compliance rule is deleted: Devices associated only with the deleted rule have their compliance status reset to Pending. All remaining compliance rules are evaluated.
When a compliance rule is activated or deactivated: All compliance rules are evaluated, similar to rule creation or deletion.