Compliance Job (Android)
Compliance Job is used to configure compliance rules such as rooting/ jailbreaking, SIM card changes, password in compliance and proactively trigger specified measures like blocklisting the devices or wiping data off a device. This job allows administrators to set alerts and notifications on the detection of such vulnerabilities.
To create a Compliance Job and remotely deploy it to the enrolled device(s) or group(s), follow these steps:
1. On the SureMDM Web console, navigate to Jobs > New Job > Android > Compliance Jobs.
2. In the Compliance Job prompt, enter a Job Name.
3. Select an option from the below to create compliance rules and click Configure.
OS Version - Compliance rule based on device OS.
Jailbroken/Rooted - Compliance rule to detect Jailbroken / Rooted devices.
Play For Work - Compliance rule to detect whether a Play for Work account is configured on devices. Supported only for devices enrolled using Google Mail Account.
Security Patch Level - Compliance rule based on the security patch level installed on a device for the specified months.
Online Device Connectivity - Compliance rule based on device connectivity with the SureMDM server.
Mobile Network Connectivity - Compliance rule based on mobile network connectivity with SureMDM server.
This compliance rule is supported on devices running SureMDM Agent v18.08 onwards.
SIM Change - Compliance rule to detect SIM changes on devices.
Password Policy - Compliance rule for devices to comply with the password policy.
System Health Compliance – Compliance rule based on system health parameters including battery level, battery temperature, CPU temperature, GPU temperature, and skin temperature.
Device Storage - Compliance rule for the device storage when it goes below the specified percentage.
Device Encryption – Compliance rule based on encryption status of devices, ensuring FileVault is enabled on macOS, encryption is enabled on Linux, and specified drives are encrypted on Windows devices.
Device Up Time - Compliance rule based on device uptime, ensuring the device has not been running continuously beyond the defined threshold for Linux, macOS, and Windows devices.
- Mobile Threat Defense - Compliance rule for the devices to comply with the following MTD policies:
- Anti-Virus Protection
- Anti Phishing Protection
- Platform Integrity Protection
- CTS Protection
- Anti-Virus Expiry Date
This compliance rule is supported on SureMDM Agent version >= 27.32.13 for Android and SureMDM Agent version >= 4.67 for iOS/iPadOS devices..
Application Policy - Compliance rule for blocklisted and allowlisted apps.
Windows Health Attestation – Compliance rule based on Windows health attestation values such as AIK, reset count, restart count, DEP policy, secure boot enabled, boot debugging enabled etc.
Windows Copy Genuine Validation – Compliance rule to verify if the installed Windows OS is genuine and take action if the validation fails.
- Windows Update – Compliance rule to ensure Windows updates, including critical, quality, feature, and driver updates, are up to date on the device.
- Cell Signal Strength - Compliance rule based on the device's cell signal strength (in percentage or dbm) provided by the service provider.
This compliance rule is supported on devices running SureMDM Agent v27.20.13 onwards.
- Wi-Fi Signal Strength - Compliance rule based on the device's Wi-Fi signal strength (in percentage or dbm).
This compliance rule is supported on the devices running SureMDM Agent v27.20.13 onwards.
- Active Kiosk Application - Compliance rule based on the following kiosk applications.
- SureLock
- SureFox
- SureVideo
- Custom
You need to enter the package ID for custom apps.
This compliance rule is supported on devices running SureMDM Agent v27.04.04 onwards.
- Location Access - Compliance rule based on the device’s location access state (Always On/Off).
This compliance rule is supported on the devices running SureMDM Agent v26.04.00 onwards.
Custom Compliance – Compliance rule that allows creation of custom checks using custom scripts or custom device properties on Windows and Linux devices.
Hardware Change – Compliance rule ba*sed on detection of hardware changes such as processor, disk drive, BIOS/UEFI, motherboard, system name, display, GPU, battery, and RAM on Windows, Linux, and macOS devices.
Firewall Policy – Compliance rule to ensure the firewall is enabled on macOS devices.
This compliance rule is supported on macOS devices with OS version >= macOS 10.12
- Things Compliance – Compliance rule based on device properties specific to a particular Things device model.
4. Configure the Compliance Rules and under Out of Compliance Actions, select the appropriate action from the following when the compliance rules are violated:
- Send Message
- Move to Blocklist
- Wipe the Device
- Lock Device (Android/iOS/Linux/Windows)
- E-mail Notification
- Apply Job
- Send SMS
5. Click Add Action to add additional Out of Compliance Actions.
6. Click Save.
The newly created job will be listed in the Jobs List section.
7. Go back to Home tab and select the Android device(s) or group(s).
8. Click Apply to launch the Apply Job/Profile To Device prompt .
9. In the Apply Job/Profile To Device prompt, select the job and click Apply.