Windows: Compliance profile settings
Windows
: Compliance profile settingsSee Common: Compliance profile settings for descriptions of the possible actions if you select a compliance rule.
Windows : Compliance profile setting | Description |
---|---|
Required app is not installed | This setting creates a compliance rule to ensure that devices have required apps installed. Internal app dispositions can't be monitored. |
Restricted OS version is installed | This setting creates a compliance rule to ensure that devices do not have a restricted OS version installed as specified in this setting. You can select the restricted OS versions. |
Restricted device model detected | This setting creates a compliance rule to restrict device models as specified in this setting. Possible values:
|
Device out of contact | This setting creates a compliance rule to ensure that devices are not out of contact with BlackBerry UEM for more than a specified amount of time. |
BlackBerry
Dynamics library version verification | This setting creates a compliance rule that allows you to select the BlackBerry
Dynamics library versions that cannot be activated.You can select the blocked library versions. |
BlackBerry
Dynamics connectivity verification | This setting creates a compliance rule to ensure that BlackBerry
Dynamics apps are not out of contact with BlackBerry UEM for more than a specified amount of time. The enforcement action is applied to BlackBerry
Dynamics apps. |
Antivirus signature | This setting creates a compliance rule to ensure that devices have an antivirus signature enabled. |
Antivirus status | This setting creates a compliance rule to ensure that devices have antivirus software enabled. You can select the vendors that are allowed. |
Firewall status | This setting creates a compliance rule to ensure that devices have a firewall enabled. |
Encryption status | This setting creates a compliance rule to ensure that devices require encryption. |
Windows update status | This setting creates a compliance rule to ensure that devices allow BlackBerry UEM to install Windows OS updates or notify users of required updates. |
Restricted app is installed | This setting creates a compliance rule to ensure that devices do not have restricted apps installed. To restrict apps, see Add an app to the restricted app list. |
Grace period expired | This setting creates a compliance rule to specify actions that occur if the attestation grace period has expired. |
Attestation Identity Key not present | This setting creates a compliance rule to specify actions that occur if an AIK is not present on the device. |
Data Execution Prevention Policy is disabled | This setting creates a compliance rule to specify actions that occur if the DEP policy is disabled on the device. |
BitLocker is disabled | This setting creates a compliance rule to specify actions that occur if BitLocker is disabled on the device. |
Secure Boot is disabled | This setting creates a compliance rule to specify actions that occur if Secure Boot is disabled on the device. |
Code integrity is disabled | This setting creates a compliance rule to specify actions that occur if the Code Integrity feature is disabled on the device. |
Device is in safe mode | This setting creates a compliance rule to specify actions that occur if the device is in safe mode. |
Device is in Windows preinstallation environment | This setting creates a compliance rule to specify actions that occur if the device is in the Windows preinstallation environment. |
Early launch antimalware driver is not loaded | This setting creates a compliance rule to specify actions that occur if the early launch antimalware driver is not loaded. |
Virtual Secure Mode is disabled | This setting creates a compliance rule to specify actions that occur if Virtual Secure Mode is disabled. |
Boot debugging is enabled | This setting creates a compliance rule to specify actions that occur if boot debugging is enabled. |
OS kernel debugging is enabled | This setting creates a compliance rule to specify actions that occur if OS kernel debugging is enabled. |
Test signing is enabled | This setting creates a compliance rule to specify actions that occur if test signing is enabled. |
Boot manager revision list is not the expected version | This setting creates a compliance rule to specify actions that occur if the boot manager revision list is not the expected version. |
Code Integrity revision list is not the expected version | This setting creates a compliance rule to specify actions that occur if the code integrity revision list is not the expected version. |
Code Integrity policy hash is present and is not an allowed value | This setting creates a compliance rule to specify actions that occur if the code integrity policy hash is present and is not an allowed value. |
Custom Secure Boot configuration policy hash is present and is not an allowed value | This setting creates a compliance rule to specify actions that occur if the Custom Secure Boot configuration policy hash is present and is not an allowed value. |
PCR value is not an allowed value | This setting creates a compliance rule to specify actions that occur if the PCR value is not an allowed value. |