Available Device Policy Settings

Your company's device policy is enforced by a series of compliance checks. Starting when a user logs in, Workplace continues to monitor their device in the background while they work. Based on your company's access control level, if the device fails any of these checks, at any time, the user may be prevented from moving forward unprotected. Learn more about Device Policy access control levels.

Desktop Policy Settings

There are three available policy settings for each device compliance check:

  • Recommended
  • Required
  • Not Checked

The default setting for all of the following checks is Recommended, which you can later change to Required or Not checked based on your company's policy. Learn how to modify desktop device policy settings. 

Compliance Check Check Description Remediation Instructions for Users

Antivirus installed

Requires the installation of antivirus software to protect devices against malware.

No Antivirus Installed

Antivirus Threat Status

Requires that the installed antivirus software is not reporting an unresolved threat on a device.

Virus Detected

Antivirus Real-Time Protection

Requires antivirus software to be actively protecting devices at all times.

Antivirus Real-Time Protection Disabled

Antivirus Definitions

 

Requires antivirus software to be updated with the latest threat detection definitions in order to protect against known threats. You need to set the number of days a user has to update the antivirus definitions.

Antivirus Signatures Are Out of Date

Encryption

Requires hard drive encryption to be enabled in order to prevent access to sensitive data in the event a device is lost or stolen.

Hard Drive Encryption Disabled

Operating system auto-update

Requires operating systems to be set to update automatically. You need to specify the period of time that updates should have last been applied. This will ensure the latest operating system updates and security patches are applied, keeping the device secure.

Operating System Auto-Update Disabled

Unauthorized applications

The unauthorized application check adds an additional layer of protection for your organization by allowing administrators to specify applications that should not be installed on a your device. 

If you fail this check:

  1. Sign out of Workplace
  2. Uninstall the unauthorized app 
  3. Sign in to Workplace

If this check continues to fail, please contact your company manager.

Login password Requires a device to have a login password set to protect against unauthorized access. Login Does Not Require Password
Screen saver enabled

Requires that a screen saver be set on the device to protect sensitive data when the device is not actively being used.

Screen Saver Disabled

Screen saver lock (Windows platform only)

Requires a password to resume working after the screen saver has engaged to protect devices from physical access. This should be used in conjunction with the “Screen saver timeout” check.

Screen Saver Lock Disabled

Screen saver timeout

Requires the screen saver to engage when a device is not actively being used. You need to specify the number of minutes of inactivity before the screen saver should be activated. This should be used in conjunction with the “Screen saver lock” check.

Screen Saver Timeout not Acceptable
Firewall

Requires the use of a personal firewall on devices to help prevent unauthorized external access.

Firewall Disabled

Operating system supported

Requires all devices to be running on a supported operating system. This ensures that only operating systems still eligible for updates and security patches from the vendor are used.

Operating System is not Supported

Known devices

Requires devices to be marked as “Known” by a company manager. Devices can be marked as “Known” in the “All devices” section of the Company admin page in Workplace.

Device Not Marked as Known

 

Mobile Policy Settings

There are two available policy settings for each device compliance check:

  • Recommended
  • Required
  • Not Checked

The default setting for Operating System Supported is Required.  The default setting for all other checks is Not checked, which you can later change to Recommended or Required based on your company's policy. Learn how to modify mobile device policy settings.

Compliance Check Check Description
Genuine iOS/Android

The Mobile Operating System hasn’t been jailbroken or rooted.

Encrypted & Passcode Set

Users are required to set a passcode on their Mobile devices. On iOS devices, setting a passcode will also encrypt the device.

Known device

Requires devices to be marked as “Known” by a company manager. Devices can be marked as “Known” in the “All devices” section of the Company admin page in Workplace.

Operating System Supported

The Mobile device is running on a supported operating system

 

Was this article helpful?