Compliance Control allows you to monitor iOS MDM devices for compliance with corporate security requirements and take actions if non-compliance is found. Compliance Control is based on a list of rules. Each rule includes the following components:
To create a rule:
The Compliance Control Rule Wizard starts.
The following criteria are available:
Checks whether the list of apps on the device contains forbidden apps or does not contain required apps.
For this criterion, you need to select a check type (Contains or Does not contain) and specify app IDs.
Checks the version of the operating system on the device.
For this criterion, you need to select a comparison operator (Equal, Not equal, Less than, or Greater than) and specify the iOS version.
Note that the Equal and Not equal operators check for a full match of the operating system version with the specified value. For instance, if you specify 15 in the rule, but the device is running iOS 15.2, the Equal criterion is not met. If you need to specify a range of versions, you can create two criteria and use the Less than and Greater than operators.
Checks the device's management mode.
For this criterion, you need to select a mode (Supervised device or Non-supervised device).
The following actions are available:
The device user is informed about the non-compliance by email.
For this action, you need to specify the user's email address(es) and the email message.
The configuration profile is installed on the device. This action is performed by sending the Install profile command.
For this action, you need to specify the ID of the configuration profile to be installed.
The configuration profile is deleted from the device. This action is performed by sending the Remove profile command.
For this action, you need to specify the ID of the configuration profile to be removed.
All previously installed configuration profiles are deleted from the device.
All installed configuration profiles, provisioning profiles, the iOS MDM profile, and applications for which the Remove together with iOS MDM profile check box has been selected are removed from the device. This action is performed by sending the Wipe corporate data command.
The new rule appears in the list in the Compliance Control rules section.
Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.
Page top