Devices are showing as non compliant in the MDM dashboard?

expand collapsive

Why my devices are showing as non compliant in the MDM dashboard?

All Replies

  • Hexnode

    Hexnode Support


    Hi Oliver,

    A device showing up as non-compliant indicates that it does not meet your policy conditions or the default criteria we have set for optimal security in an enterprise environment.

    Follow these steps to get the detailed compliance information and to restore compliance.

    1. On the list of non-compliant devices, click on any device to open up its info page.
    2. Under Device Summary, check out Compliance info, to the right.
      It’s a breakdown of the compliance criteria. Let’s have a look at them in detail

      1. MDM Profile present
        Profile compliance depends on the status of the Hexnode MDM agent/profile installed on the device

        1. A check (✔) indicates that the agent is installed and everything’s good.
        2. A warning (⚠ ) indicates that the agent has been removed from the device. You need to re-enroll the device to restore Profile compliance.
      2. Passcode compliance
        Passcode compliance depends on the Password rules you have defined in one or more policies assigned to the device.

        1. ✔ denotes that a password has been set on the device, meeting all requirements
        2. ⚠ denotes that there is no password or that it does not meet one or more policy requirements. Check out our help on Android and iOS password policies to learn more.
      3. Application compliance
        Application compliance deals with the app management aspect of the policy assigned to the device.

        1. ✔ means compliance on the app side of things
        2. ⚠ means there are blacklisted app(s)on the device or that the device is missing mandatory app(s) assigned to it. Click to expand Application Compliance. You can see the blacklisted app count and missing mandatory app details. Check out blacklisting and mandatory apps section on our help for more info.
        3. Additionally, you can click on the Install missing apps option to have the mandatory apps re-pushed again. Once the blacklisted app(s) are removed from the device and the missing mandatory apps installed, Application compliance will be restored.
      4. Profile compliance
        It’s strictly an iOS thing. Android and Windows devices are Profile compliant by design. Profile compliance depends on the status of the configuration profiles deployed on the device. That is, whether each profile corresponding to the configurations in the policy remains installed or whether it has been removed.

        1. If you see ✔, it’s all good with the profiles. If it’s ⚠, click to expand Profile Compliance and you can see the missing profile details. You can also have them re-pushed to the device, from there. Once the configuration profiles are installed on the device, Profile compliance will turn back to ✔
      5. Data Protection Enabled
        This is an additional compliance info and is not actually counted in for the device’s compliance status. The devices will show Compliant/non-compliant regardless of whether Data Protection is enabled on the device.
        Here in Hexnode MDM, Data Protection refers to Device encryption, that is, if the data stored on the device’s internal memory is encrypted and inaccessible without the decryption key. Simply put, with device encryption turned on, if your device is locked with a password, the data on your device’s internal storage can’t be accessed say, when you hook it up to a computer.
        Here’s how that works across each device platforms

        1. When you put in a passcode, iOS devices will automatically encrypt device data with the passcode. So, if the device is Passcode compliant, it will automatically show as Data protection enabled.
        2. On Android, Google has turned on encryption by default on the newer Android devices, if your device is quite old, you should consider turning on device encryption. It may take a while to encrypt the data on the storage.
        3. On Windows devices too, you can turn on device encryption in settings. Note that data encryption is a one-time thing and you’ll need to factory reset the device in order to turn encryption back off.
        4. To sum it up, even if Data Protection Enabled shows ⚠ on Android and Windows devices, they can still be Compliant, however, on iOS devices, if Data Protection Enabled shows ⚠, then it means they fail Passcode compliance and hence will be labeled Non-compliant.

    Thanks and regards
    Hexnode Support Team
    +1-866-498-9407 (US Toll Free)
    +44-(800)-3689920(UK Toll Free)
    +61-1800165939 (Australia Toll Free)
    +1-510-545-9700 (Intl)
    Hexnode | Mitsogo Inc.