Create compliance rules

To create compliance rules:

  1. On the menu sidebar, under CONFIGURE, click Compliance rules.
  2. On the Compliance rules page, click Create compliance rules.
  3. Enter a Name and an optional Description for the new set of compliance rules.

The Compliance rules page contains individual tabs for the device platforms that are activated for the customer. Repeat the following steps for all required platforms.

  1. Make sure that the Enable platform check box on each tab is selected.
    If this check box is not selected, devices of that platform are not checked for compliance.
  2. Under Rule, configure the compliance rules for the particular platform.

    Each compliance rule has a fixed severity level (high, medium, low) that is depicted by a blue icon. The severity helps you to assess the importance of each rule and the actions you should implement when it is violated.

    If you have defined app groups, you can assign these to the compliance rules Allowed apps, Forbidden apps and Mandatory apps.

  3. Under If rule is violated, define the actions that will be taken when a rule is violated:
    Option Description
    Deny email Forbid email access.

    This action can only be taken if the super administrator has configured a connection to the internal or to the standalone EAS Proxy. See the Sophos Mobile Control super administrator guide.

    Lock container Disable the Sophos Secure Workspace and Secure Email apps. This affects document, email and web access that is managed by these apps.

    This action can only be taken when you have activated an SMC Advanced license.

    This option is only relevant for Android and iOS devices.

    Deny network Forbid network access.

    This action can only be taken if the super administrator has configured Network Access Control. See the Sophos Mobile Control super administrator guide.

    Notify admin Send compliance emails to selected recipients.

    The list of recipients and the time schedule is specified collectively for all sets of compliance rules that you create. See the instructions later in this section.

    Transfer task bundle Transfer a specific task bundle to the device.

    Select a task bundle from the list, or select None to transfer no task bundle when the compliance rule is violated.

    Important: When used incorrectly, task bundles may misconfigure or even wipe devices. To assign the correct task bundles to compliance rules, an in-depth knowledge of the system is required.
  4. When you have made the settings for all required platforms, click Save to save the set of compliance rules under the name that you specified.
    The new set is displayed on the Compliance rules page.
  5. If you have selected the Notify admin action for one of the compliance rules, click Compliance email settings to specify the recipients that will receive compliance emails and the times when compliance emails are sent.
    You can specify the recipients either by entering the name of an administrator or by entering a valid email address.
    Note: These are common settings that apply to all compliance rules that have a Notify admin action.
  6. Click Save to save the compliance email settings.