With Android EMM, you have the ability to secure the Android devices within your organization and to enforce the security measures that you configure. The Compliance Enforcement policy lets you configure specific scalable actions to take when devices aren’t compliant with the policies you’ve established – you control when to block the device, and when to wipe the device, if desired.
Prerequisites:
- ºÚÁϺ£½Ç91Èë¿Ú’s Android Enterprise Management Mobility (EMM) is configured for your organization. See Set up Android EMM.
- Your Android devices are enrolled in EMM. See Add and Manage Android Devices and Users: Enroll Your Personal Android Device.
Considerations:
- Applies to devices on Android 7.0 or later.
- Supports the following management modes:
- Work Profile - Personal device
- Work Profile - Company-owned device
- Fully Managed device
- Dedicated device
To create an Android Compliance Enforcement policy:
- Log in to the .
- Go to DEVICE MANAGEMENT > Policy Management.
- In the All tab, click (+).
- On the New Policy panel, select the Android tab.
- Select the Compliance Enforcement policy from the list, then click configure.
- On the New Policy panel, optionally enter a new name for the policy, or keep the default. Policy names must be unique.
- For Policy Notes, enter details like when you created the policy, where you tested it, and where you deployed it.
- Under Settings, complete these fields for each policy specified:
- Policy: Select the policy group you want to apply the compliance enforcement actions to:
- Password - See Create a Passcode Policy for parent policy information.
- Minimum API Level - See Create an Application-Based Restrictions Policy for parent policy information.
- Lock Screen - See Create a Lock Screen Policy for parent policy information.
- Encryption - See Create a Device Restrictions Policy for parent policy information.
- VPN - See Create a VPN Policy for parent policy information.
- Block Noncompliant Devices After: Enter a number from 0-30 representing the number of days after which a noncompliant device is blocked from accessing apps and data on the device.
- Apply Block To: Select Work Profile to block use of apps in the Work Profile only (apps in the Personal Profile remain unaffected), or Device to block apps in both the Work Profile and the Personal Profile.
- Wipe Noncompliant Devices After: Enter a number from 0-30 representing the number of days after which a noncompliant device is wiped. A wipe will either reset the device, or delete the device’s Work Profile. This number should be greater than the number of days configured for the block action.
- Preserve Factory Reset Protection Data: Select whether to preserve the Android Factory Reset Protection data on the device.
- Policy: Select the policy group you want to apply the compliance enforcement actions to:
To apply a block immediately, set Block Noncompliant Devices After to 0.
To unblock a non-compliant device that has been blocked as a result of this policy, the end user will need to bring the device into compliance, or the Admin will need to remove the policy from the device.
A factory reset erases all data from the phone.
- (Optional) Select the Device Groups tab. Select one or more device groups where you’ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
- (Optional) Select the Devices tab. Select one or more devices where you’ll apply this policy.
For this policy to take effect, you must specify a device or a device group.
- Click + to add additional policy compliance rules.
- Click save.