Compliance control of Android devices with corporate security requirements
The Compliance Control feature ensures that Android devices comply with corporate security requirements. Corporate security requirements regulate device usage. For example, real-time protection must be enabled on the device, anti-malware databases must be up-to-date, and the device password must be strong enough. Compliance Control is based on a list of rules. A compliance rule includes the following components:
Device check criterion (for example, absence of prohibited apps on the device)
Time interval allocated for the user to fix the noncompliance (for example, 24 hours)
Action that will be taken on the device if the user does not fix the noncompliance within the time set (for example, device locking)
If the user does not fix the noncompliance within the specified time, the following actions are available:
Block all apps launch. All applications on the user's mobile device are blocked from starting.
Lock device. Mobile device is locked. To obtain access to data, you must unlock the device. If the reason for locking the device is not rectified after the device is unlocked, the device will be locked again after the specified time period.
Reset to factory settings. All data is deleted from the mobile device and its settings revert to their factory values. After this action is completed, the device will no longer be a managed device. To connect the device to Kaspersky Endpoint Security Cloud, you must reinstall Kaspersky Endpoint Security for Android.
To configure Compliance Control for Android devices:
Select the Security management → Security profiles section.
The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.
In the list, select the security profile for the devices on which you want to configure Compliance Control.
Click the link with the profile name to open the security profile properties window.
The security profile properties window displays settings available for all devices.
In the Android group, select the Management settings section.
In the Compliance Control is not configured section, click the Settings link.
The Compliance Control settings page opens.
Set the toggle switch to Administrator notification is enabled.
If a device does not meet the corporate security requirements, you will receive a notification.
Set the toggle switch to User notification is enabled.
If a device does not meet the corporate security requirements, the device user will be prompted to fix the noncompliance.
In the Compliance rules section, click Settings.
A page opens showing a list of device scan rules.
Create a list of rules to check the device for compliance with the corporate security requirements:
Click Add.
The Device Check Rule Creation Wizard starts.
Select a check criterion, and then click the Next button.
Select the time interval allocated for the user to fix the noncompliance and the action to be taken on the device if the noncompliance is not fixed.
You can create and enable multiple actions and time limits for a single rule by using check boxes. For example, if the noncompliance has not been fixed within one hour, access to corporate data will be blocked on the device. If the noncompliance has not been fixed within four hours, the device will be locked.
Click OK.
The rule that you created will be added to the list of check rules on the device.
Click the Save button.
After the security profile is applied, the managed device will be controlled for compliance with the corporate security requirements at each synchronization with Kaspersky Endpoint Security Cloud. If the managed device does not meet the corporate security requirements, the actions specified in the Compliance Control settings will be applied to the device.