Skip to main content

Compliance Job (Windows Server)

The Compliance Job allows administrators to identify potential risks such as device health, mobile threats, battery life, and more on Windows Server devices. When these threats are detected, the job can take proactive steps, such as adding devices to a blocklist or erasing data. Additionally, administrators have the capability to configure alerts and notifications for the discovery of these vulnerabilities.

note

The device must be enrolled in Dual Enrollment mode for this feature to work.

To create a Compliance Job and remotely deploy it to the enrolled device(s) or group(s), follow these steps:

  1. Navigate to the SureMDM Web Console > Jobs > New Job > Windows Server > Compliance Jobs.
  2. On the Compliance Job prompt, enter a Job Name.
  3. Select the option below to create compliance rules and click Configure.

  • OS Version: Create compliance rules based on the device's OS Version.

  • Online device connectivity: This option allows you to create compliance rules based on device connectivity with the SureMDM Server.

  • Network Information Monitoring: Compliance rule to check SIM’s MCC and MNC against configured values and triggers actions if they are non-compliant. To set this up, open Network Information Monitoring, select SIM 1 and/or SIM 2 > enable MCC change and/or MNC change checkbox > enter the MCC and MNC values.

  • Device Storage: Create Compliance rules based on the device storage.

  • Device Encryption: Create compliance rules based on device encryption.

  • Device Uptime: This option allows you to create compliance rules based on device uptime.

note

Device Uptime is supported on Windows Server devices with SureMDM Agent version > 6.29.0.

  • Application Policy: Use this section to add apps to the blocklist or allowlist.

  • - Blocklisted Apps

  • - Allowlisted Apps

  • Windows Health Attestation - Compliance rule based on device health attestation values.

  • Windows Copy Genuine Validation - Compliance rule to verify whether the copy of Windows currently running on the device is genuine or not.

  • Custom Compliance: Create custom compliance rules based on the device properties for a specific Device Model.

  • - Evaluate Using Script

  • - Evaluate Using Custom Device Property

  • Hardware change: This allows you to create compliance rules based on hardware changes.

  1. Configure the Compliance Rules and under Out of Compliance Actions, select the appropriate action from the following when the compliance rules are violated:
  • Send Message
  • Move to Blocklist
  • Wipe the Device
  • Lock Device
  • E-mail Notification
  • Apply Job
  • Send SMS
note

Repeat After EverySend Message, E-mail Notification, Apply Job, and Send SMS support this additional action. Use this setting to repeat these actions after every Hour, Days, Weeks or Months.

  1. Click Add Action to add additional Out of Compliance Actions.
  2. Click Save.
    The newly created job will be listed in the Jobs List section.
  3. Go back to the Home tab and select the Windows Server device(s) or group(s).
  4. Click Apply to launch the Apply Job/Profile To Device prompt.
  5. Select the job under All Jobs/Profiles.
  6. Click Apply in the Apply/Profile To Device prompt.
Was this page helpful?