Change the default compliance profile
The default compliance profile is assigned to user accounts only if the user is not
assigned a compliance profile directly or through group membership. You can change the
settings of the default compliance profile but you cannot delete it.
- On the menu bar, click Library.
- In the left pane, click Compliance > Default.
- Type a description for the default compliance profile.
-
Select the check box next to the settings that you want to
configure. Do any of the following:
- If you want jailbroken or rooted devices to be considered non-compliant, select Jailbroken or rooted device.
- If you want devices with applications that you did not install to be considered non-compliant, select Non-assigned application is installed. Non-assigned applications do not include core applications that are installed with the device operating system.
- If you want devices that have not installed the latest update for optional applications to be considered non-compliant, select Optional application is not updated.
- If you want devices that do not have a required application to be considered non-compliant, select Required application is not installed.
- If you want devices that have not installed the latest update for required applications to be considered non-compliant, select Required application is not updated.
-
In the Enforcement
action drop-down list, for each setting that you selected in
step 4, configure the Universal Device Service to perform one of the following tasks when user accounts do not meet your
organization's requirements:
Task
Steps
Automatically send an email message, a device notification message, or both that advises users of a compliance issue and of the consequences.
- Select Prompt for compliance.
- In the Prompt method drop-down list, select
the type of message that you want the Universal Device Service to send. The message body comes from the
compliance notification template, which you can
update. Do one of the following:
- To send an email message, select Email.
- To send a device notification message, select Notification. Users can view the notification on the device.
- To send an email message and a device notification message, select Both.
- In the Prompt count field, specify the number of times an email message or a device notification message should be sent before the required action is enforced.
- In the Prompt interval fields, specify the time between prompts.
- In the Prompt interval expired action
drop-down list, select the action that you want the
Universal Device Service to take when the prompt period expires. For
example, if the prompt count is three and the prompt
interval is 10 minutes, the prompt period expires
after 30 minutes. Do one of the following:
- If you do not want to choose any options, select None.
- To block users from accessing your organization's resources and applications from their device, select Untrust. Data and applications are not deleted from the device.
- To delete your organization's data from the device, select Delete only work data (unmanage).
- To delete all data from the device, select Delete all data (full control device) or unmanage (user privacy device).
Block users from accessing work resources and applications from their device. Select Untrust. Data and applications are not deleted from the device. Delete work data from the device and remove the device from the user account. Select Delete only work data (unmanage). For devices that are activated with MDM controls or Work and personal - full control, delete all data from the devices and return the device to factory settings.
For devices that are activated with Work and personal - user privacy, delete work data and remove the device from the user account.
Select Delete all data (full control device) or unmanage (user privacy device). - Click Save.