Table 5 | MDM Responses |
| |
Action Type | Options |
Jailbreak/Rooted Device Enforcement
Application Compliance
Currently the MDM does not provide a method to mark compliance checks that are not reported to ISE. ISE cannot assert that network security issue caused a device to be MDM non-compliant.
Device Compliance/Restrictions
Restrictions and compliance are distinct but related concepts. The user is required to meet compliance for non-restrictive access. If a PIN lock is required, the device will be locked until the user selects a PIN that meets the established complexity. If the camera has been disabled, the icon is removed and the user has no way to launch the camera application. Restrictions are policy elements that are enforced without exception. Non-compliance is when a device is operating outside of the established policy.
Non-restrictive items that could cause compliance events are things such as the minimum OS version. The key point is that it is not possible to be non-compliant with a restriction. The exception is restrictions that include a grace period.
Device Scanning Intervals
The MDM client application can periodically scan the device. There are several different scans that run on different intervals. They also available as device queries:
•Device Information—General information about the device includes serial numbers, UDID, phone number, operating system, model, battery status, etc.
•Security—Includes encryption status, device compromised, data roaming, SIM card status, and the number of profiles installed but not active.
•Profiles—The installed profiles on the device, including those not installed by Fiberlink MaaS360.
•Apps—A complete inventory of all the applications installed on the device.
•Certificates—A list of the installed certificates on the device.
Scan information is available in device details screen. When a device periodically checks in with the MDM server, it will notify the server of the current scan results.