Windows

: Compliance profile settings

This setting creates a compliance rule to ensure that devices have required apps installed.

Internal app dispositions can't be monitored.

This setting creates a compliance rule to ensure that devices do not have a restricted OS version installed as specified in this setting.

You can select the restricted OS versions.

This setting creates a compliance rule to restrict device models as specified in this setting.

Possible values:

Allow selected device models
Do not allow selected device models

You can select the device models that are allowed or restricted.

This setting creates a compliance rule to ensure that devices are not out of contact with

BlackBerry UEM

for more than a specified amount of time.

This setting creates a compliance rule that allows you to select the

BlackBerry Dynamics

library versions that cannot be activated.

You can select the blocked library versions.

This setting creates a compliance rule to ensure that

BlackBerry Dynamics

apps are not out of contact with

BlackBerry UEM

for more than a specified amount of time. The enforcement action is applied to

BlackBerry Dynamics

apps.

This setting creates a compliance rule to ensure that devices have an antivirus signature enabled.

This setting creates a compliance rule to ensure that devices have antivirus software enabled.

You can select the vendors that are allowed.

This setting creates a compliance rule to ensure that devices have a firewall enabled.

This setting creates a compliance rule to ensure that devices require encryption.

This setting creates a compliance rule to ensure that devices allow

BlackBerry UEM

to install

Windows

OS updates or notify users of required updates.

This setting creates a compliance rule to ensure that devices do not have restricted apps installed. To restrict apps, see Add an app to the restricted app list.

This setting creates a compliance rule to specify actions that occur if the attestation grace period has expired.

This setting creates a compliance rule to specify actions that occur if an AIK is not present on the device.

This setting creates a compliance rule to specify actions that occur if the DEP policy is disabled on the device.

This setting creates a compliance rule to specify actions that occur if BitLocker is disabled on the device.

This setting creates a compliance rule to specify actions that occur if Secure Boot is disabled on the device.

This setting creates a compliance rule to specify actions that occur if the Code Integrity feature is disabled on the device.

This setting creates a compliance rule to specify actions that occur if the device is in safe mode.

This setting creates a compliance rule to specify actions that occur if the device is in the Windows preinstallation environment.

This setting creates a compliance rule to specify actions that occur if the early launch antimalware driver is not loaded.

This setting creates a compliance rule to specify actions that occur if Virtual Secure Mode is disabled.

This setting creates a compliance rule to specify actions that occur if boot debugging is enabled.

This setting creates a compliance rule to specify actions that occur if OS kernel debugging is enabled.

This setting creates a compliance rule to specify actions that occur if test signing is enabled.

This setting creates a compliance rule to specify actions that occur if the boot manager revision list is not the expected version.

This setting creates a compliance rule to specify actions that occur if the code integrity revision list is not the expected version.

This setting creates a compliance rule to specify actions that occur if the code integrity policy hash is present and is not an allowed value.

This setting creates a compliance rule to specify actions that occur if the Custom Secure Boot configuration policy hash is present and is not an allowed value.

This setting creates a compliance rule to specify actions that occur if the PCR value is not an allowed value.