Configure compliance actions to take when a device fails security patch compliance and attestation
- In the management console, on the menu bar, clickPolicies and profiles > Compliance > Compliance.
- Create a new compliance profile or select and edit an existing compliance profile.
- On theAndroidtab, select theRequired security patch level is not installedcheck box.
- Add the required device models and corresponding security patches.
- Configure the prompt settings and enforcement settings for the device andBlackBerry Dynamicsapps if the device does not satisfy the required patch level.
- In theCylancePROTECTsection, select theHardware attestation failedcheck box.
- Configure the prompt settings (behavior, method, count, and interval) as desired.
- In theEnforcement action for BlackBerry Dynamics appsdrop-down list, choose one of the following actions to take when a device fails attestation or does not respond in the configured grace period:
- To log information about the compliance issue without taking a compliance action forBlackBerry Dynamicsapps, clickMonitor and log.
- To prevent the user from accessingBlackBerry Dynamicsapps while out of compliance, clickDo not allow BlackBerry Dynamics apps to run.
- If you want to set the minimum security level for the hardware attestation certificate and the actions that are executed if that level is not met, select theHardware attestation security levelcheck box.
- In theMinimum security levelrequired drop-down list, select the appropriate option (Software, Trusted Environment, or StrongBox). For more information, see SecurityLevel on the Android Developers site.
- Configure the prompt settings (behavior, method, count, and interval) as desired.
- In theEnforcement action for BlackBerry Dynamics appsdrop-down list, choose one of the following actions:
- To log information about the compliance issue without taking a compliance action forBlackBerry Dynamicsapps, clickMonitor and log.
- To prevent the user from accessingBlackBerry Dynamicsapps while out of compliance, clickDo not allow BlackBerry Dynamics apps to run.
- If you want to execute compliance actions when the hardware attestation boot state is unverified, select theHardware attestation boot state is unverifiedcheck box.
- Configure the prompt settings (behavior, method, count, and interval) as desired.
- In theEnforcement action for BlackBerry Dynamics appsdrop-down list, choose one of the following actions:
- To log information about the compliance issue without taking a compliance action forBlackBerry Dynamicsapps, clickMonitor and log.
- To prevent the user from accessingBlackBerry Dynamicsapps while out of compliance, clickDo not allow BlackBerry Dynamics apps to run.
- ClickAddorSave.
- Assign the profile to users and groups.
- You can view information about compliance violations on the Managed devices screen (filter by compliance violations) or in a user's device details. You can also use the compliance event screen to monitor and track compliance events.