Windows

: Compliance profile settings

This setting creates a compliance rule to ensure that devices have required apps installed. Internal app dispositions can't be monitored.

This setting creates a compliance rule to ensure that devices do not have a restricted OS version installed. You can select the restricted OS versions.

This setting creates a compliance rule to restrict device models. You can select the device models that are allowed or restricted.

This setting creates a compliance rule to ensure that devices are not out of contact with

UEM

for more than a specified amount of time.

This setting creates a compliance rule that allows you to select the

BlackBerry Dynamics

library versions that cannot be activated. You can select the blocked library versions.

This setting creates a compliance rule to ensure that

BlackBerry Dynamics

apps are not out of contact with

UEM

for more than a specified amount of time. The enforcement action is applied to

BlackBerry Dynamics

apps.

This setting creates a compliance rule to ensure that devices have an antivirus signature enabled.

This setting creates a compliance rule to ensure that devices have antivirus software enabled. You can select the vendors that are allowed.

This setting creates a compliance rule to ensure that devices have a firewall enabled.

This setting creates a compliance rule to ensure that devices require encryption.

This setting creates a compliance rule to ensure that devices allow

UEM

to install

Windows

OS updates or notify users of required updates.

This setting creates a compliance rule to ensure that devices do not have restricted apps installed. To restrict apps, see Add an app to the restricted app list.

This setting creates a compliance rule to specify actions that occur if the attestation grace period has expired.

This setting creates a compliance rule to specify actions that occur if an AIK is not present on the device.

This setting creates a compliance rule to specify actions that occur if the DEP policy is disabled on the device.

This setting creates a compliance rule to specify actions that occur if BitLocker is disabled on the device.

This setting creates a compliance rule to specify actions that occur if Secure Boot is disabled on the device.

This setting creates a compliance rule to specify actions that occur if the code integrity feature is disabled on the device.

This setting creates a compliance rule to specify actions that occur if the device is in safe mode.

This setting creates a compliance rule to specify actions that occur if the device is in the

Windows

preinstallation environment.

This setting creates a compliance rule to specify actions that occur if the early launch antimalware driver is not loaded.

This setting creates a compliance rule to specify actions that occur if Virtual Secure Mode is disabled.

This setting creates a compliance rule to specify actions that occur if boot debugging is enabled.

This setting creates a compliance rule to specify actions that occur if OS kernel debugging is enabled.

This setting creates a compliance rule to specify actions that occur if test signing is enabled.

This setting creates a compliance rule to specify actions that occur if the boot manager revision list is not the expected version. You specify the expected version.

This setting creates a compliance rule to specify actions that occur if the code integrity revision list is not the expected version. You specify the expected version.

This setting creates a compliance rule to specify actions that occur if the code integrity policy hash is present and is not an allowed value. You specify the allowed values.

This setting creates a compliance rule to specify actions that occur if the Custom Secure Boot configuration policy hash is present and is not an allowed value. You specify the allowed values.

This setting creates a compliance rule to specify actions that occur if the PCR value is not an allowed value. You specify the allowed values.