ON PREMISES SOLUTIONS

Overview

Understanding Compliance Status for mobile devices

This section explains how mobile devices become non-compliant against GravityZone security rules and the actions you can take in such situations.

Once the GravityZone Mobile Client application has been activated on a mobile device, Control Center checks if the corresponding device meets all the security compliance requirements.

Mobile devices can have the following security statuses:

  • Without Security Issues, when all compliance requirements are satisfied.

  • With Security Issues, when at least one of the compliance requirements is not satisfied.

Non-compliance criteria

A device is declared non-compliant in the following situations:

Android devices:

  • Device is rooted.

  • GravityZone Mobile Client is not Device Administrator.

  • USB Debugging is enabled.

  • Malware is not removed within one hour after detection.

  • Policy is not satisfied:

    • The user does not set the lock screen password within 24 hours after the first notification.

    • The user does not change the lock screen password at the specified time.

    • The user does not activate device encryption within seven days after the first notification.

iOS devices:

  • Device is jailbroken.

  • GravityZone Mobile Client is uninstalled from the mobile device.

  • Policy is not satisfied:

    • The user does not set the lock screen password within 24 hours after the first notification.

    • The user does not change the lock screen password at the specified time.

Default action when the device is non-compliant

When a device is declared non-compliant, the user is prompted to fix the non-compliance issue. The user must make the required changes within a specific time period, otherwise the selected action for non-compliant devices will be applied (Ignore, Deny access, Lock, Wipe or Unlink). You can change the action for non-compliant devices in the policy at any time. The new action is applied to non-compliant devices once the policy is saved.

From the menu corresponding to each device ownership type select the action to be taken when a device is declared non-compliant:

  • Ignore. Only notifies the user that the device does not comply with the mobile device usage policy.

  • Deny Access. Blocks the device access to corporate networks by deleting the Wi-Fi and VPN settings, but keeping all the other settings defined in policy. Blocked settings are restored as soon as the device becomes compliant.

  • Lock. Immediately locks the device screen.

    • On Android, the screen is locked with a password generated by GravityZone. If the user already has a lock screen password, this will be automatically changed.

    • On iOS, if the device has a lock screen password, it is asked in order to unlock.

  • Wipe. Restores the factory settings of the mobile device, permanently erasing all user data.

  • Unlink. The device is immediately removed from the network.