Skip to main content

Compliance Job (Windows)

The Compliance Job allows administrators to identify potential risks such as device health, mobile threats, battery life, and more on Windows devices. When these threats are detected, the job can take proactive steps, such as adding devices to a blocklist or erasing data. Additionally, administrators have the capability to configure alerts and notifications for the discovery of these vulnerabilities. 

note

The device must be enrolled in Dual Enrollment mode for this feature to work.

To create a Compliance Job and remotely deploy it to the enrolled device(s) or group(s), follow these steps:

  1. Navigate to the SureMDM Web Console > Jobs > New Job > Windows > Compliance Jobs.

  2. On the Compliance Job prompt, enter a Job Name. 

  3. Select the below option to create compliance rules and click Configure.

  • OS Version: Create compliance rules based on the device's OS Version.

  • Online device connectivity: This option allows you to create compliance rules based on device connectivity with the SureMDM Server.

  • Battery - Compliance rule based on battery levels.

note

The device must run SureMDM Agent v 4.71.0 or later for this feature to work.

  • Device Storage: Create Compliance rules based on the device storage.

  • Device Encryption: Create compliance rules based on device encryption.

  • Device Uptime: This option allows you to create compliance rules based on device uptime.

note

This feature is supported on Windows devices with SureMDM Agent version >4.77.0.

  • Mobile Threat Defense - Compliance rule for the devices to comply with the following MTD policy: 

    - Anti-Virus Protection
    - Anti-Virus Expiry Date
note

The device must run SureMDM Agent v4.57 or later for this feature to work.

  • Application Policy: Use this section to add apps to the blocklist or allowlist.

    - Blocklisted Apps
    - Allowlisted Apps

  • Windows Health Attestation - Compliance rule based on device health attestation values.

  • Windows Copy Genuine Validation - Compliance rule to verify whether the copy of Windows currently running on the device is genuine or not.

  • Windows Update: This option allows you to create compliance rules to check whether Windows Updates are up to date and take administrative action.

note

Supported only on Windows devices and SureMDM Agent version > 5.07

  • Location Access - Compliance rule based on the device location access state (Always On/Off).
note

The device must run SureMDM Agent v 4.71.0 or later for this feature to work.

  • Custom Compliance: Create custom compliance rules based on the device properties for a specific Device Model.

    - Evaluate Using Script
    - Evaluate Using Custom Device Property

  • Hardware change: This allows you to create compliance rules based on hardware changes.

  1. Configure the Compliance Rules and under Out of Compliance Actions, select the appropriate action from the following when the compliance rules are violated:
  • Send Message
  • Move to Blocklist
  • Wipe the Device
  • Lock Device
  • E-mail Notification
  • Apply Job
  • Send SMS
note

Repeat After Every - Send Message, E-mail Notification, Apply Job and Send SMS suppor this additional action. Use this setting to repeat these actions after every Hour, Days, Weeks or Months.

  1. Click Add Action to add additional Out of Compliance Actions.

  2. Click Save.

    The newly created job will be listed in the Jobs List section. 

  3. Go back to the Home tab and select the Windows device(s) or group(s).

  4. Click Apply to launch the Apply Job/Profile To Device prompt.

  5. Select the job under All Jobs/Profiles.

  6. Click Apply in the Apply/Profile To Device prompt.