Create/Edit Compliance Policy

Use this dialog box to add compliance policies to SOTI MobiControl that define what makes a compliant device in your environment.

Enter a Name for the compliance policy. Names must be unique per device type. You can also add a description to the compliance policy to provide more information on its usage.

Non-Compliant Criteria

Select inside the Add a filter field to activate it. Start to type the name of a device or extended property to narrow the list, or scroll through the dropdown list to find a property.

Note: Devices that match the criteria specified here are deemed non-compliant.

The compliance policy criteria filter uses the same search functionality as the Devices view search, though with a more limited number of properties. You can combine multiple properties using Boolean operators. Available properties differ depending on the device type.

Learn more about crafting complex filters at Advanced Search.

Note: macOS and iOS devices share a common criteria list. The following chart describes which criteria are supported in each device category:
iOS and macOS iOS Only macOS Only
  • Apps
  • Certificates
  • Agent Check-in Time
  • Agent Disconnect Time
  • Agent Version
  • Available Memory
  • Available Storage
  • Battery Percentage
  • Device Mode
  • Enrollment Time
  • MDM Profile Updated On
  • OS Version
  • Passcode Enabled
  • Custom Attributes
  • Encrypted
  • OS Secure
  • Roaming
  • Custom Data
  • FDE Enabled
  • Processor Type
  • IP Address

Actions

Select Add to expand the Actions section and specify the actions SOTI MobiControl should perform on non-compliant devices.

Actions are not required. If you do not specify any actions, non-compliant devices are flagged as non-compliant in the console, and no further actions are taken.

Choose an action and when it should be triggered: immediately after a device is found non-compliant or after a delay. Then, configure the settings specific to each action. You can add multiple actions to a compliance policy.

Note: Not all actions are supported on all device types.
Action Description
Set Azure Conditional Access: Enforces Microsoft 365 Conditional Access rules, as described in Microsoft 365 Integration - Conditional Access. Select Manage Microsoft 365 to configure these rules in Global Settings.

You can set the Execution Time of these Conditional Access rules to Immediately or a Custom time.

Block Email Access: Prevents device users from accessing their Microsoft Exchange email accounts.
Note: There must be an active Microsoft Exchange Server configured in SOTI MobiControl. For Apple family devices, this selection is supported in iOS but not macOS.
Note: The Microsoft Outlook app does not support this feature. Android users must be using the native Gmail app. Likewise, Apple iOS users must use their native Mail app.

Choose an Exchange Server from the dropdown list.

Email Notification: Sends an email notification to non-compliant devices.
Note: You must configure an email profile in SOTI MobiControl.

Choose which Template Type to use when sending the email notification.

  • Choose User Email to send an email to the non-compliant user that indicates their device is non-compliant and what actions they should perform to achieve compliance. The To: field is automatically pre-populated with the enrolled user email address macro.
  • Choose Administrator Email to email a list of all non-compliant devices.
Tip: To view the templates, send a test email to your email address.

Fill in the email recipient fields.