Windows: Compliance profile settings Skip Navigation

Windows
: Compliance profile settings

See Common: Compliance profile settings for descriptions of the possible actions if you select a compliance rule.
Windows
: Compliance profile setting
Description 
Required app is not installed
This setting creates a compliance rule to ensure that devices have required apps installed.
Internal app dispositions can't be monitored.
Restricted OS version is installed
This setting creates a compliance rule to ensure that devices do not have a restricted OS version installed as specified in this setting.
You can select the restricted OS versions.
Restricted device model detected
This setting creates a compliance rule to restrict device models as specified in this setting.
Possible values:
  • Allow selected device models
  • Do not allow selected device models
You can select the device models that are allowed or restricted.
Device out of contact
This setting creates a compliance rule to ensure that devices are not out of contact with 
BlackBerry UEM
 for more than a specified amount of time.
BlackBerry Dynamics
 library version verification
This setting creates a compliance rule that allows you to select the 
BlackBerry Dynamics
 library versions that cannot be activated.
You can select the blocked library versions.
BlackBerry Dynamics
 connectivity verification
This setting creates a compliance rule to ensure that 
BlackBerry Dynamics
 apps are not out of contact with 
BlackBerry UEM
 for more than a specified amount of time. The enforcement action is applied to 
BlackBerry Dynamics
 apps.
Antivirus signature
This setting creates a compliance rule to ensure that devices have an antivirus signature enabled.
Antivirus status
This setting creates a compliance rule to ensure that devices have antivirus software enabled.
You can select the vendors that are allowed. 
Firewall status
This setting creates a compliance rule to ensure that devices have a firewall enabled.
Encryption status
This setting creates a compliance rule to ensure that devices require encryption.
Windows update status
This setting creates a compliance rule to ensure that devices allow 
BlackBerry UEM
 to install 
Windows
 OS updates or notify users of required updates. 
Restricted app is installed
This setting creates a compliance rule to ensure that devices do not have restricted apps installed. To restrict apps, see Add an app to the restricted app list.
Grace period expired
This setting creates a compliance rule to specify actions that occur if the attestation grace period has expired.
Attestation Identity Key not present
This setting creates a compliance rule to specify actions that occur if an AIK is not present on the device.
Data Execution Prevention Policy is disabled
This setting creates a compliance rule to specify actions that occur if the DEP policy is disabled on the device.
BitLocker is disabled
This setting creates a compliance rule to specify actions that occur if BitLocker is disabled on the device.
Secure Boot is disabled
This setting creates a compliance rule to specify actions that occur if Secure Boot is disabled on the device.
Code integrity is disabled
This setting creates a compliance rule to specify actions that occur if the Code Integrity feature is disabled on the device.
Device is in safe mode
This setting creates a compliance rule to specify actions that occur if the device is in safe mode.
Device is in Windows preinstallation environment
This setting creates a compliance rule to specify actions that occur if the device is in the Windows preinstallation environment.
Early launch antimalware driver is not loaded
This setting creates a compliance rule to specify actions that occur if the early launch antimalware driver is not loaded.
Virtual Secure Mode is disabled
This setting creates a compliance rule to specify actions that occur if Virtual Secure Mode is disabled.
Boot debugging is enabled
This setting creates a compliance rule to specify actions that occur if boot debugging is enabled.
OS kernel debugging is enabled
This setting creates a compliance rule to specify actions that occur if OS kernel debugging is enabled.
Test signing is enabled
This setting creates a compliance rule to specify actions that occur if test signing is enabled.
Boot manager revision list is not the expected version
This setting creates a compliance rule to specify actions that occur if the boot manager revision list is not the expected version.
Code Integrity revision list is not the expected version
This setting creates a compliance rule to specify actions that occur if the code integrity revision list is not the expected version.
Code Integrity policy hash is present and is not an allowed value
This setting creates a compliance rule to specify actions that occur if the code integrity policy hash is present and is not an allowed value.
Custom Secure Boot configuration policy hash is present and is not an allowed value
This setting creates a compliance rule to specify actions that occur if the Custom Secure Boot configuration policy hash is present and is not an allowed value.
PCR value is not an allowed value
This setting creates a compliance rule to specify actions that occur if the PCR value is not an allowed value.