Yesterday I got the question how to handle compliance policies for mobile Devices to make sure they will be fulfilled and otherwise what will happen if I update one after a while.
I will explain it with a little example. The Users will have iOS Devices and you want to make sure that all Devices are up2date with near the newest OS Version. In that case you configure a compliance policy for the OS Version as a rule.
Under Devices – Compliance Policies – Add (choose the OS you want to create the policy for)
You define if any or all of the defined policies have to match. On the left side choose OS Version. Then you can use “greater than” as shown above or “is” for the Version which you will configure on the right side. It depends how you want to use the rule.
After that you have to define which actions will taken if Devices will not fulfil that rule.
Here you have several options how you want to handle it. As you can see on the picture above the Device will get 3 actions step by step. It´s like an escalation chain.
- The User will be notified by email. This will request the User to update his Device to be compliant
- After 3 days, if the User don´t do it, the email function will be blocked
- after 5 days, all Profiles will be removed from the Device which means, that the User will don´t have access to Company resources anymore.
After the defined actions to take you assign the created compliance rule to the Users or User Groups which have to fulfil it:
Now the Administrator will update that rule after 3 days. Will the rule count (5 days) go ahead or reset? The counter will be reseted because you update the rule and define maybe a new OS Version in that case.
If you want that the Devices fulfil another or newer OS Version in future, I recommend to create a new additional rule.