Compliance control of Android devices with corporate security requirements

The Compliance Control feature ensures that Android devices comply with corporate security requirements. Corporate security requirements regulate device usage. For example, real-time protection must be enabled on the device, anti-malware databases must be up-to-date, and the device password must be strong enough. Compliance Control is based on a list of rules. A compliance rule includes the following components:

If the user does not fix the noncompliance within the specified time, the following actions are available:

To configure Compliance Control for Android devices:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. Select the Security managementSecurity profiles section.

    The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

  3. In the list, select the security profile for the devices on which you want to configure Compliance Control.
  4. Click the link with the profile name to open the security profile properties window.

    The security profile properties window displays settings available for all devices.

  5. In the Android group, select the Management settings section.
  6. In the Compliance Control is not configured section, click the Settings link.

    The Compliance Control settings page opens.

  7. Switch the toggle button to Administrator notification is enabled.

    If a device does not meet the corporate security requirements, you will receive a notification.

  8. Switch the toggle button to User notification is enabled.

    If a device does not meet the corporate security requirements, the device user will be prompted to fix the noncompliance.

  9. In the Compliance rules section, click Settings.

    A page opens showing a list of device scan rules.

  10. Create a list of rules to check the device for compliance with the corporate security requirements:
    1. Click Add.

      The Device Check Rule Creation Wizard starts.

    2. Select a check criterion, and then click the Next button.
    3. Select the time interval allocated for the user to fix the noncompliance and the action to be taken on the device if the noncompliance is not fixed.

      You can create and enable multiple actions and time limits for a single rule by using check boxes. For example, if the noncompliance has not been fixed within one hour, access to corporate data will be blocked on the device. If the noncompliance has not been fixed within four hours, the device will be locked.

    4. Click OK.

      The rule that you created will be added to the list of check rules on the device.

  11. Click the Save button.

After the security profile is applied, the managed device will be controlled for compliance with the corporate security requirements at each synchronization with Kaspersky Endpoint Security Cloud. If the managed device does not meet the corporate security requirements, the actions specified in the Compliance Control settings will be applied to the device.

Page top