Configure Compliance Policy (Android Management)
The Compliance Policy in SureMDM allows administrators to define security requirements that devices must meet to remain compliant. If a device violates the configured rules, predefined Out of Compliance Actions are automatically enforced to protect corporate data and resources.
To create a compliance policy profile and deploy it to the device(s), follow these steps:
Navigate to SureMDM Web Console > Profiles > Android > Add > Compliance Policy > Configure.
Enter a Profile Name.
In the Compliance Policy screen, the settings available are given below:
| Settings | Description |
|---|---|
| Password Policy | |
| Device should be secured with password | Enable this option to ensure that the device or work profile is protected with a password. |
| Block Device Usage | Blocks device or work profile usage if it remains non-compliant after the specified delay (immediately or after defined days). Scope can be set to device or work profile. |
| Wipe Device | Factory resets the device or deletes the work profile if non-compliance continues beyond the specified delay. |
| Encryption Policy | |
| Device should be encrypted | Enable this option to ensure device storage encryption. Options include Unspecified, With Password, or Without Password. |
| Block Device Usage | Blocks device or work profile usage if encryption requirements are not met. |
| Wipe Device | Resets the device or removes the work profile if the device remains unencrypted after the defined delay. |
| Disable Keyguard | |
| Device should not have keyguard customization | Enable this option to prevent unauthorized lock screen (keyguard) customizations. |
| Block Device Usage | Blocks usage if keyguard customization policy is violated. |
| Wipe Device | Resets the device or work profile if non-compliance persists. |
| Permitted Input Methods | |
| Device should have only permitted input methods | Enbale this option to restrict the device to approved keyboards/input methods only. |
| Block Device Usage | Blocks usage if unauthorized input methods are detected. |
| Wipe Device | Resets the device or work profile if violation continues. |
| Permitted Accessibility Services | |
| Device should have only permitted accessibility services | Enable this option to allow only approved accessibility services on the device. |
| Block Device Usage | Blocks usage if unauthorized accessibility services are enabled. |
| Wipe Device | Resets the device or work profile if non-compliance persists. |
| Minimum API Level | |
| Device should have minimum API level | Ensures the device runs on the specified minimum Android API level. Set the Minimum API Level. |
| Block Device Usage | Blocks usage if the device OS version is below the defined level. |
| Wipe Device | Resets the device or work profile if the device does not meet the minimum API requirement. |
| Device Posture Policy | |
| Potentially Compromised | Defines actions for devices detected as high risk (e.g., unlocked bootloader or failed integrity checks). |
| At Risk | Defines actions for devices with moderate security risks such as outdated software or weakened security settings. |
| Blocklist Device | Moves the device to the blocklisted section, preventing access to corporate resources. |
| Wipe Device | Factory resets the device or removes the work profile upon posture violation. |