Creating a compliance rule for devices
Create and configure compliance rule sets to maintain device security by enforcing policies for encryption, OS versions, app compliance, geo-fencing, and monitoring across your organization's managed devices.
Procedure
- From the IBM MaaS360 Portal home page, select Security > Compliance Rules.
- On the Compliance Rules window, click Add Rule Set.
- On the Add Rule window, specify the group that the rule applies to, the name of the rule set, and which existing rule to use as a basis.
- Click Continue.
- On the Basic Settings tab, configure the following settings and rules.
  - Basic Settings
    - Configure the platforms that the rule set applies to and then enter the email addresses that receive alerts for the rule set.
  - Enforcement Rules
    - Configure these rules to enforce security compliance for mobile devices. You can choose from the following options:
      - Enrollment in MDM
      - Specific operating system versions
      - Support for block- and file-level encryption, or no encryption
      - Compliance with corporate app policies for allowed, blocked, and required apps
      - Support for remote wipe
      - Restrictions for jailbroken (iOS), rooted (Android), or Health Attestation Failed (Windows) devices
      - Managing access of blocked devices to corporate resources
      - Enforcing operating system patch update installation

      You can configure various enforcement actions for this rule. For more information, see Configuring enforcement actions for compliance rules.

      The Wipe action wipes all data from the mobile device and resets the device to the original factory settings. For Android 2.2, the Wipe action resets the phone memory only. However, for Android 2.3, the Wipe action resets both the phone memory and the SD card.

      Note: The Block and the Wipe enforcement actions are available only with the Cloud Extender® integration.
  - Geo-Fencing Rules
    - Configure these rules to enforce location-related compliance for mobile devices: change the policy on the device based on its location, or specify actions that occur on the device when the device is removed from one of the approved locations.

      You can configure various enforcement actions for this rule. For more information, see Configuring enforcement actions for compliance rules.
  - Monitoring Rules
    - Configure these rules to monitor various device state changes, changes to the primary SIM, when the device is roaming, and any operating system version changes.

      You can configure various enforcement actions for this rule. For more information, see Configuring enforcement actions for compliance rules.
  - Expense Monitoring Rules
    - Configure these rules to take real-time action for expense management, apply changes to mobile data usage to monitor both roaming and in-network data usage, and manage usage thresholds.

      You can configure various enforcement actions for this rule. For more information, see Configuring enforcement actions for compliance rules.

      Note: The Expense Management module must be purchased separately. Contact IBM Support for more information.
  - Group Based Rules
    - Configure these rules to create rules for previously defined groups of devices or users.
  - Custom Attribute Rules
    - Configure these rules to create rules for previously defined groups of devices or users.
- Apply your changes, and then click Save.
  Note: Windows supports the encryption compliance rule only for the System drive.