Configuring compliance rules for Windows devices
You can assign compliance rules to Windows devices at the device group level and during device enrollment.
Enabling this feature in the IBM MaaS360 Portal
- From the MaaS360 Portal
Home page, select Setup, and then enable .The new platform type Windows Desktop OS is now available in the Select Applicable Platforms section for any compliance rule.Note: For 10.61 and earlier releases, you must manually enable the Windows Desktop OS checkbox to apply compliance rules to Windows devices. For the 10.62 release, the Windows Desktop OS checkbox is enabled by default.
Enforcement rules for Windows device compliance
The 10.62 release supports the following enforcement rules for Windows device compliance.
- OS versions
- Jailbroken or rooted devices that are detected by Windows Health Attestation failures
Configuring enforcement rules for OS versions
- From the Enforcement Rules section, go to OS
Versions, and then configure the following options.
Option Description Specify Version Range The range of Windows OS versions that is allowed for managed devices. Specify Allowed Versions The version of Windows devices that is allowed for managed devices. Specify Disallowed Versions The version of Windows devices that is not allowed for managed devices. - From the Enforcement Rules section, define the Enforcement
Action that is taken immediately after managed devices are out of compliance. The following enforcement actions are available on rooted Windows devices.
- Selective wipe
- Change policy
- Wipe
- Remove control
- Hide device
Configuring enforcement rules for jailbroken or rooted devices
- From the IBM® MaaS360® Portal, define the Health Attestation policy. Go to .
- Use the Change Policy action to apply the Health Attestation policy to
the group. Note: If the Health Attestation policy is not visible in the IBM MaaS360 Portal, contact IBM Support to enable the policy.
- Select to assign the rule set to the device group.
- From the Compliance Rule Set list, choose a jailbroken rule set, and then click Submit.
- From the Enforcement Rules section, define the Enforcement
Action that is taken immediately after managed devices are out of
compliance.The following enforcement actions are available on rooted Windows devices.
- Selective wipe
- Change policy
- Wipe
- Remove control
- Hide device
- Go to the Device Summary page to view the Device Health Attestation State, Rules Compliance Status, Rule Set Name, and Out of Compliance Reasons.
Changing compliance rule sets during Windows device enrollments
- During the enrollment request process, select the rule set from the Advanced Settings.