Monitoring for Non-Compliant Devices

When a device falls out of the scope of the smart device group used to monitor compliance, they are no longer marked as compliant in Azure AD. Non-compliant devices are unable to access company resources until they are brought back into compliance.

You can use a combination of smart device groups, mobile device apps, and configuration profiles in Jamf Pro to monitor for and remediate non-compliant devices.

  1. In Jamf Pro, create a new smart device group for the compliance criteria you want to monitor for. For example, you may want to create smart groups for devices that do no have Slack installed or that have Do Not Disturb enabled. For more information, see the Smart Groups section in the Jamf Pro Administrator's Guide.

  2. You can alert users who fall into the scope of the groups you just created by making a mobile device app or configuration profile without payloads available in the Device Compliance category in Jamf Self Service for iOS. When configuring these apps or configuration profiles, use the Description field on the Self Service tab to include a message that explains the actions your users must take to bring their device into compliance. Add the related smart group you created in step 1 to the scope of the app or configuration profile.
    For more information, see the Content Distribution Methods in Jamf Pro or Mobile Device Configuration Profiles sections in the Jamf Pro Administrator's Guide.

  3. Create one additional smart device group. This will be the smart device group used for calculating device compliance. On the Criteria tab, select "Mobile Device Group" from the list of criteria and add each of the smart groups you created in step 1. From the Operator pop-up menu, select "not member of". The smart device group will look similar to the following:

    images/download/attachments/81936303/Screen_Shot_2020-12-14_at_1.18.02_PM.png

    Note: It is recommended that you select the Send email notification on membership change checkbox so that you are notified when a device falls out of compliance.

  4. Navigate to Settings > Global Management > Device Compliance.

  5. From the Compliance Group pop-up menu, select the smart device group you just created.

You will now be notified of any change in compliance and your users will be able to take action to remediate their non-compliant devices. You can update the smart device groups at any time to add or remove compliance criteria.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.