Monitoring for Non-Compliant Devices

When a device falls out of the scope of the smart device group used to monitor compliance, it is no longer marked as compliant in Azure AD. Non-compliant devices are unable to access company resources until they are brought back into compliance.

You can use a combination of smart device groups, mobile device apps, and configuration profiles in Jamf Pro to monitor for and remediate non-compliant devices.

  1. In Jamf Pro, create a new smart device group for the compliance criteria you want to monitor for.
    Example:

    You may want to create smart groups for devices that do not have Slack installed or that have Do Not Disturb enabled.

  2. Alert users whose devices fall into the scope of the groups you just created by making a mobile device app, or a configuration profile without payloads, available in the Device Compliance category in Jamf Self Service for iOS.
    1. When configuring these apps or configuration profiles, use the Description field on the Self Service tab to include a message that explains requirements for device compliance.
    2. Add the related smart group you created in step 1 to the scope of the app or configuration profile.

      For more information, see the Content Distribution Methods in Jamf Pro or Mobile Device Configuration Profiles sections in the Jamf Pro Documentation.

  3. Create one additional smart device group to use for calculating device compliance:
    1. On the Criteria tab, select "Mobile Device Group" from the list of criteria and add each of the smart groups you created in step 1.
    2. From the Operator pop-up menu, select "not member of".
      Best Practice:

      Jamf recommends that you select the Send email notification on membership change checkbox so that you are notified when a device falls out of compliance.

    3. Navigate to Settings > Global Management > Device Compliance.
    4. Select the smart device group you just created from the Compliance Group pop-up menu.

You will now be notified of any change in compliance and your users will be able to take action to remediate their non-compliant devices.

Update the smart device groups at any time to add or remove compliance criteria.
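
The group logic from steps 1 and 3, modeled as an added example (this is not Jamf Pro code and does not call Jamf Pro). The inventory field names, serial numbers and snapshots are constructed for illustration, and the model assumes the "not member of" criteria are combined so that all of them must hold.

```python
# Model of the smart-group logic in steps 1 and 3 (not Jamf Pro code).
# Inventory field names and device records are constructed for illustration.

# Step 1: one predicate per non-compliance smart group (the page's two examples).
NON_COMPLIANCE_GROUPS = {
    "Slack Not Installed": lambda d: "Slack" not in d["apps"],
    "Do Not Disturb Enabled": lambda d: d["dnd_enabled"],
}

def failing_groups(device):
    """Names of the step 1 groups this device is currently a member of."""
    return sorted(n for n, test in NON_COMPLIANCE_GROUPS.items() if test(device))

def compliance_group(inventory):
    """Step 3: devices that are 'not member of' every step 1 group.
    Assumption: all of the criteria must hold for a device to be a member."""
    return {serial for serial, d in inventory.items() if not failing_groups(d)}

def membership_changes(before, after):
    """Diff two inventory snapshots: devices that left or rejoined the
    compliance group, with the step 1 groups that explain each departure."""
    old, new = compliance_group(before), compliance_group(after)
    fell_out = {}
    for serial in sorted(old - new):
        if serial in after:
            fell_out[serial] = failing_groups(after[serial])
        else:
            fell_out[serial] = ["missing from inventory"]
    return {"fell_out": fell_out, "restored": sorted(new - old)}

# Constructed snapshots of three devices, keyed by made-up serial numbers.
SNAPSHOT_1 = {
    "SN-A": {"apps": {"Slack", "Mail"}, "dnd_enabled": False},
    "SN-B": {"apps": {"Mail"}, "dnd_enabled": False},
    "SN-C": {"apps": {"Slack"}, "dnd_enabled": False},
}
SNAPSHOT_2 = {
    "SN-A": {"apps": {"Mail"}, "dnd_enabled": True},            # Slack removed, DND on
    "SN-B": {"apps": {"Slack", "Mail"}, "dnd_enabled": False},  # Slack installed
    "SN-C": {"apps": {"Slack"}, "dnd_enabled": False},          # unchanged
}

if __name__ == "__main__":
    print(compliance_group(SNAPSHOT_1))
    print(membership_changes(SNAPSHOT_1, SNAPSHOT_2))
```

A device that matches more than one step 1 group leaves the compliance group once and rejoins only after every matching condition is remediated.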