Venn actively ensures the security of your company's devices through continuous compliance monitoring. From the moment a user logs in, it discreetly operates in the background, safeguarding their workflow. Should a device not meet your company's Conditional Access settings at any point, access may be restricted to prevent unprotected activities. Learn more about conditional access policies here.
Compliance Policies for Computers
There are three available states for each compliance checks:
- Not Checked: Policy will not be checked
- Recommended: Policy will be checked; conditional access not enforced
- Required: Policy will be checked; conditional access setting enforced
Listed in the table below, are the available compliance checks for computers. Learn how to modify compliance policies for computers.
Compliance Check | Check Description | Remediation Instructions for Users |
---|---|---|
Antivirus installed |
Requires the installation of antivirus software to protect devices against malware. |
No Antivirus Installed |
Antivirus Threat Status |
Requires that the installed antivirus software is not reporting an unresolved threat on a device. |
Virus Detected |
Antivirus Real-Time Protection |
Requires antivirus software to be actively protecting devices at all times. |
Antivirus Real-Time Protection Disabled |
Antivirus Definitions |
Requires antivirus software to be updated with the latest threat detection definitions in order to protect against known threats. You need to set the number of days a user has to update the antivirus definitions. |
Antivirus Signatures Are Out of Date |
Encryption |
Requires hard drive encryption to be enabled in order to prevent access to sensitive data in the event a device is lost or stolen. |
Hard Drive Encryption Disabled |
Operating system auto-update |
Requires operating systems to be set to update automatically. You need to specify the period of time that updates should have last been applied. This will ensure the latest operating system updates and security patches are applied, keeping the device secure. |
Operating System Auto-Update Disabled |
Unauthorized applications |
The unauthorized application check adds an additional layer of protection for your organization by allowing administrators to specify applications that should not be installed on your device. |
|
Login password | Requires a device to have a login password set to protect against unauthorized access. | Login Does Not Require Password |
Screen saver enabled |
Requires that a screen saver be set on the device to protect sensitive data when the device is not actively being used. |
Screensaver Disabled, Lock Disabled, or Timeout Not Acceptable |
Screen saver lock (Windows platform only) |
Requires a password to resume working after the screen saver has engaged to protect devices from physical access. This should be used in conjunction with the “Screen saver timeout” check. |
|
Screen saver timeout |
Requires the screen saver to engage when a device is not actively being used. You need to specify the number of minutes of inactivity before the screen saver should be activated. This should be used in conjunction with the “Screen saver lock” check. |
|
Firewall |
Requires the use of a personal firewall on devices to help prevent unauthorized external access. |
Firewall Disabled |
Operating system supported |
Requires all devices to be running on a supported operating system. This ensures that only operating systems still eligible for updates and security patches from the vendor are used. |
Operating System is not Supported |
Known devices |
Requires devices to be marked as “Known” by a company manager. Devices can be marked as “Known” in the “All devices” section of the Company admin page in Workplace. Only unique user-device combinations that have been previously marked as known in Company Admin are classified as Known Devices. Learn more about how Venn determines if devices are "known." |
Device Not Marked as Known |
Compliance Policies for Mobile Devices
There are three available states for each compliance checks:
- Not Checked: Policy will not be checked
- Recommended: Policy will be checked; conditional access not enforced
- Required: Policy will be checked; conditional access setting enforced
The default setting for Operating System Supported is Required. The default setting for all other checks is Not checked, which you can later change to Recommended or Required based on your company's policy. Learn how to compliance policies for mobile devices.
Compliance Check | Check Description |
---|---|
Genuine iOS/Android |
The Mobile Operating System hasn’t been jailbroken or rooted. |
Encrypted & Passcode Set |
Users are required to set a passcode on their Mobile devices. On iOS devices, setting a passcode will also encrypt the device. |
Known device |
Requires devices to be marked as “Known” by a company manager. Devices can be marked as “Known” in the “All devices” section of the Company admin page in Workplace. |
Operating System Supported |
The Mobile device is running on a supported operating system |