SureMDM

Compliance Job (Windows)

Compliance Job is used to configure compliance rule based on device health attestation and proactively trigger specified measures like blocklisting the devices or wiping data off a device. This job allows admins to set alerts and notifications on detection of such vulnerabilities.

Note: The device must be enrolled in Dual Enrollment mode for this feature to work. 

To create a Compliance Job and remotely deploy it to the enrolled device(s) or group(s), follow these steps:

1.  Navigate to SureMDM Web Console > Jobs > New Job > Windows > Compliance Jobs.

2.  In the Compliance Job prompt, enter a Job Name. 

3.  Select the below option to create compliance rules and click Configure.

• Windows Health Attestation - Compliance rule based on device health attestation values
• Windows Copy Genuine Validation - Compliance rule to verify whether the copy of Windows currently running on the device is genuine or not.
• Mobile Threat Defense - Compliance rule for the devices to comply with the following MTD policy: 

• Anti Virus Protection

Note: The device must run SureMDM Agent v4.57 or later for this feature to work.

• Battery - Compliance rule based on battery levels.

Note: The device must run SureMDM Agent v 4.71.0 or later for this feature to work.

• Location Access - Compliance rule based on the device location access state (Always On/Off).

Note: The device must run SureMDM Agent v 4.71.0 or later for this feature to work.

• Online device connectivity: This option allows you to create compliance rules based on device connectivity with the SureMDM Server.
• Device Uptime: This option allows you to create compliance rules based on device uptime.

Note: This feature is supported on Windows devices with SureMDM Agent version >4.77.0

• Windows Updates: This option allows you to create compliance rules to check whether Windows Updates are up to date and take administrative action.
• Windows Updates: This option allows you to create compliance rules to check whether Windows Updates are up to date and take administrative action.

Note: Supported only on Windows devices and SureMDM Agent version > 4.72.0.

• Hardware changes: This allows you to create compliance rules based on hardware changes.

4.  Configure the Compliance Rules and under Out of Compliance Actions, select the appropriate action from the following when the compliance rules are violated:

• Send Message
• Move to Blocklist
• Wipe the Device
• E-mail Notification
• Apply Job
• Send SMS

5.  Click Add Action to add additional Out of Compliance Actions.

6.  Click Save.

     The newly created job will be listed in the Jobs List section. 

7.  Go back to Home tab and select the Windows device(s) or group(s).

8.  Click Apply to launch the Apply Job/Profile To Device prompt.

9.  In the Apply Job/Profile To Device prompt, select the job and click Apply.