This topic contains 1 reply, has 2 voices, and was last updated by Hexnode Support 1 year, 11 months ago. This post has been viewed 3923 times
August 17, 2017 at 6:11 pm #503
Why my devices are showing as non compliant in the MDM dashboard?
September 18, 2017 at 5:49 am #641
- This topic was modified 2 years ago by Oliver.
Hexnode SupportHexnode MDM1 pt
A device showing up as non-compliant indicates that it does not meet your policy conditions or the default criteria we have set for optimal security in an enterprise environment.
Follow these steps to get the detailed compliance information and to restore compliance.
- On the list of non-compliant devices, click on any device to open up its info page.
- Under Device Summary, check out Compliance info, to the right.
It’s a breakdown of the compliance criteria. Let’s have a look at them in detail
- MDM Profile present
Profile compliance depends on the status of the Hexnode MDM agent/profile installed on the device
- A check (✔) indicates that the agent is installed and everything’s good.
- A warning (⚠ ) indicates that the agent has been removed from the device. You need to re-enroll the device to restore Profile compliance.
- Passcode compliance
Passcode compliance depends on the Password rules you have defined in one or more policies assigned to the device.
- Application compliance
Application compliance deals with the app management aspect of the policy assigned to the device.
- ✔ means compliance on the app side of things
- ⚠ means there are blacklisted app(s)on the device or that the device is missing mandatory app(s) assigned to it. Click to expand Application Compliance. You can see the blacklisted app count and missing mandatory app details. Check out blacklisting and mandatory apps section on our help for more info.
- Additionally, you can click on the Install missing apps option to have the mandatory apps re-pushed again. Once the blacklisted app(s) are removed from the device and the missing mandatory apps installed, Application compliance will be restored.
- Profile compliance
It’s strictly an iOS thing. Android and Windows devices are Profile compliant by design. Profile compliance depends on the status of the configuration profiles deployed on the device. That is, whether each profile corresponding to the configurations in the policy remains installed or whether it has been removed.
- If you see ✔, it’s all good with the profiles. If it’s ⚠, click to expand Profile Compliance and you can see the missing profile details. You can also have them re-pushed to the device, from there. Once the configuration profiles are installed on the device, Profile compliance will turn back to ✔
- Data Protection Enabled
This is an additional compliance info and is not actually counted in for the device’s compliance status. The devices will show Compliant/non-compliant regardless of whether Data Protection is enabled on the device.
Here in Hexnode MDM, Data Protection refers to Device encryption, that is, if the data stored on the device’s internal memory is encrypted and inaccessible without the decryption key. Simply put, with device encryption turned on, if your device is locked with a password, the data on your device’s internal storage can’t be accessed say, when you hook it up to a computer.
Here’s how that works across each device platforms
- When you put in a passcode, iOS devices will automatically encrypt device data with the passcode. So, if the device is Passcode compliant, it will automatically show as Data protection enabled.
- On Android, Google has turned on encryption by default on the newer Android devices, if your device is quite old, you should consider turning on device encryption. It may take a while to encrypt the data on the storage.
- On Windows devices too, you can turn on device encryption in settings. Note that data encryption is a one-time thing and you’ll need to factory reset the device in order to turn encryption back off.
- To sum it up, even if Data Protection Enabled shows ⚠ on Android and Windows devices, they can still be Compliant, however, on iOS devices, if Data Protection Enabled shows ⚠, then it means they fail Passcode compliance and hence will be labeled Non-compliant.
- MDM Profile present
Thanks and regards
Hexnode Support Team
+1-866-498-9407 (US Toll Free)
+44-(800)-3689920(UK Toll Free)
+61-1800165939 (Australia Toll Free)
Hexnode | Mitsogo Inc.
You must be logged in to reply to this topic.