Skip Navigation

Configure compliance actions to take when a device fails security patch compliance and attestation

  1. In the management console, on the menu bar, click
    Policies and profiles > Compliance > Compliance
    .
  2. Create a new compliance profile or select and edit an existing compliance profile.
  3. On the
    Android
    tab, select the
    Required security patch level is not installed
    check box.
    1. Add the required device models and corresponding security patches.
    2. Configure the prompt settings and enforcement settings for the device and
      BlackBerry Dynamics
      apps if the device does not satisfy the required patch level.
  4. In the
    BlackBerry Protect
    section, select the
    Hardware attestation failed
    check box.
    1. Configure the prompt settings (behavior, method, count, and interval) as desired.
    2. In the
      Enforcement action for BlackBerry Dynamics apps
      drop-down list, choose one of the following actions to take when a device fails attestation or does not respond in the configured grace period:
      • To log information about the compliance issue without taking a compliance action for
        BlackBerry Dynamics
        apps, click
        Monitor and log
        .
      • To prevent the user from accessing
        BlackBerry Dynamics
        apps while out of compliance, click
        Do not allow BlackBerry Dynamics apps to run
        .
  5. If you want to set the minimum security level for the hardware attestation certificate and the actions that are executed if that level is not met, select the
    Hardware attestation security level
    check box.
    1. In the
      Minimum security level
      required drop-down list, select the appropriate option (Software, Trusted Environment, or StrongBox). For more information, see SecurityLevel on the Android Developers site.
    2. Configure the prompt settings (behavior, method, count, and interval) as desired.
    3. In the
      Enforcement action for BlackBerry Dynamics apps
      drop-down list, choose one of the following actions:
      • To log information about the compliance issue without taking a compliance action for
        BlackBerry Dynamics
        apps, click
        Monitor and log
        .
      • To prevent the user from accessing
        BlackBerry Dynamics
        apps while out of compliance, click
        Do not allow BlackBerry Dynamics apps to run
        .
  6. If you want to execute compliance actions when the hardware attestation boot state is unverified, select the
    Hardware attestation boot state is unverified
    check box.
    1. Configure the prompt settings (behavior, method, count, and interval) as desired.
    2. In the
      Enforcement action for BlackBerry Dynamics apps
      drop-down list, choose one of the following actions:
      • To log information about the compliance issue without taking a compliance action for
        BlackBerry Dynamics
        apps, click
        Monitor and log
        .
      • To prevent the user from accessing
        BlackBerry Dynamics
        apps while out of compliance, click
        Do not allow BlackBerry Dynamics apps to run
        .
  7. Click
    Add
    or
    Save
    .
  • Assign the profile to users and groups.
  • You can view information about compliance violations on the Managed devices screen (filter by compliance violations) or in a user's device details.