Skip Navigation

iOS
and
iPadOS
: Compliance profile settings

See Common: Compliance profile settings for descriptions of the enforcement actions that
BlackBerry UEM
can take if a device violates a compliance rule.
Compliance profile setting
Description
Jailbroken OS
This setting creates a compliance rule to ensure that devices are not jailbroken. A device is jailbroken when a user or attacker bypasses various restrictions on a device to modify the OS.
If you select this setting, users cannot complete new activations on a jailbroken device, regardless of the enforcement action that you set.
Managed device attestation failure
This setting creates a compliance rule that specifies the actions that occur when a device fails managed device attestation.
Non-assigned app is installed
This setting creates a compliance rule to ensure that devices do not have apps installed that were not assigned to the user.
This setting does not apply to devices with the
User privacy
activation type.
Required app is not installed
This setting creates a compliance rule to ensure that devices have required apps installed.
Restricted OS version is installed
This setting creates a compliance rule to ensure that devices do not have a restricted OS version installed. You can select the restricted OS versions.
If you select this setting, users cannot complete new activations for devices that are not compliant, regardless of the enforcement action that you set.
Restricted device model detected
This setting creates a compliance rule to restrict device models. You can select the devices models that are allowed or restricted.
If you select this setting, users cannot complete new activations for devices that are not compliant, regardless of the enforcement action that you set.
OS update not applied
This setting creates a compliance rule to execute compliance actions if a user does not apply a pending OS update within a time period that you specify.
Device is out of contact
This setting creates a compliance rule to ensure that devices are not out of contact with
UEM
for more than a specified amount of time. You specify the number days that a device can be out of contact with
UEM
before it is considered out of compliance.
BlackBerry Dynamics
library version verification
This setting creates a compliance rule that allows you to select the
BlackBerry Dynamics
library versions that cannot be activated. You can select the blocked library versions.
BlackBerry Dynamics
connectivity verification
This setting creates a compliance rule to monitor whether
BlackBerry Dynamics
apps are out of contact with
UEM
for more than a specified amount of time. The enforcement action is applied to
BlackBerry Dynamics
apps.
The "Base connectivity interval on authentication delegate apps" setting specifies that the connectivity verification is based on when an authentication delegate app connects to
UEM
. This setting applies only if an authentication delegate is specified in a
BlackBerry Dynamics
profile.
The "Last contact time" setting specifies the number days a device can be out of contact with
UEM
before the device is considered out of compliance.
BlackBerry Dynamics
apps don’t prompt users for compliance for this rule. If you set the “Prompt behavior” setting to “Prompt for compliance”, the user is not prompted. If the device is able to contact
UEM
, the device returns to compliance when the user opens the
BlackBerry Dynamics
app.
BlackBerry Dynamics screen capture detection on
iOS
devices
This compliance rule has been replaced with the "Do not allow screenshots on
iOS
devices" option in
BlackBerry Dynamics
profiles.
BlackBerry
recommends using the profile setting and disabling this compliance rule. This compliance rule will be deprecated in a future
UEM
release.
This setting creates a compliance rule that reacts to screen captures of
BlackBerry Dynamics
apps on devices.
The "Maximum number of screen captures within period" setting specifies the number of allowed screen captures within a specified time period.
The "Enforcement action for BlackBerry Dynamics apps" setting specifies the action that occurs if the user exceeds the allowed number of screen captures.
Restricted app is installed
This setting creates a compliance rule for
UEM
to periodically check for restricted apps, including marketplace apps. Add apps to the restricted apps list in the profile by selecting the apps from the UEM restricted app list or by selecting a built-in app (supervised devices only).
When you select this setting and a restricted app is installed on a device, a warning message and a link is displayed in the Managed devices screen in the console. When you click the link, a list of apps that are putting the device out of compliance is displayed. The list of restricted apps is also sent to the user in the compliance notification.
For supervised devices, enforcement actions for this rule are not applicable. Users are automatically prevented from installing restricted apps. If restricted apps (either built-in or installed by the user) are already installed, those apps are automatically removed from the device.
Show only allowed apps on device
This setting creates a compliance rule that specifies a list of apps that can be installed on devices, including marketplace apps. All other apps are not allowed. Add apps to the allowed apps list in the profile by selecting apps from the UEM app list or by selecting built-in apps. Some apps are included in the allowed list by default.
This setting is valid only for supervised devices.