Compliance Payload

A compliance payload is used to monitor devices to make sure they are in compliance with your company policies. If a device violates one of the rules established in a compliance payload, the compliance payload can automatically take actions such as sending a message to the device or restricting access to company resources. Information about device compliance is displayed in the Device Compliance widget on the Dashboards tab.

You can choose more than one vulnerability to monitor in a payload, and you can perform more than one remediation task when a vulnerability is detected. The following section provides sample scenarios of how a compliance policy may be used.

Scenarios

1. The internal expense tracking system should not be accessible by people outside of a physical office for security reasons. The administrator provides a link to the expense tracking system in LD Portal, and then creates a compliance policy that detects if a device is taken outside of a company office (geofence), and disables the links provided in LD Portal so that they are not accessible. When the device re-enters the office, the links are enabled again.

2. Mobile devices provided to end users must have location services enabled so that critical software can use the location information. The administrator creates a compliance policy that detects when location services are disabled, and displays a message on the device asking the end user to enable location services.

3. Enterprise applications shouldn't be allowed on rooted Android devices. The administrator creates a compliance policy that detects if an Android device is rooted and denies access to the enterprise applications if it is. In addition, a warning message is displayed informing the end user why those applications cannot be used.

A compliance payload has the following options:

Vulnerabilities:

Location service disabled

The device's location services are turned off.

Device is compromised

The device has been rooted or jailbroken, compromising security features.

Device leaves geofence area

The device has left the area defined in the geofences for the payload.

Add a geofence area by clicking the Add button in the table and using the map to determine the geographical areas where the device is allowed to be. To delete an existing geofence, select the check box next to the name and click the Delete button at the top of the table.

Remediation:

Send message to Portal client on device

Sends a message to the device that is displayed in the LD Portal app. Use the drop-down menu beneath the text box to select when the message is sent to the device.

Disable LD Portal

Disables access to features in the LD Portal app. Select the check boxes for the portions of app content that you want to be unavailable to the user. Then use the drop-down menu below the check boxes to select when the features are disabled.
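The scenarios and options above amount to a mapping from detected vulnerabilities to remediation tasks. The following Python model is an added illustration, not the product's code or API: the `Geofence` and `DeviceState` types, circular geofences, the sample coordinates, the `POLICY` mapping, and the fail-closed handling of a device with no location fix are all assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class Geofence:  # assumption: circular area; the page does not state the shape
    lat: float
    lon: float
    radius_m: float

@dataclass
class DeviceState:  # constructed device report, not a product data format
    location_enabled: bool
    compromised: bool  # rooted or jailbroken
    lat: float
    lon: float

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def violations(state, geofences):
    """Return the vulnerabilities (named as on the page) that the device triggers."""
    found = []
    if not state.location_enabled:
        found.append("Location service disabled")
    if state.compromised:
        found.append("Device is compromised")
    # Assumption (fail closed): with no location fix the device counts as outside.
    inside = state.location_enabled and any(
        distance_m(state.lat, state.lon, g.lat, g.lon) <= g.radius_m for g in geofences)
    if geofences and not inside:
        found.append("Device leaves geofence area")
    return found

# Hypothetical payload: several vulnerabilities, several remediation tasks each.
POLICY = {
    "Location service disabled": ["Send message to Portal client on device"],
    "Device is compromised": ["Send message to Portal client on device", "Disable LD Portal"],
    "Device leaves geofence area": ["Disable LD Portal"],
}
OFFICE = Geofence(40.0, -111.0, 200.0)  # constructed sample geofence

def remediations(state, geofences, policy=POLICY):
    """Ordered, de-duplicated tasks; an empty list means the device is compliant."""
    tasks = [t for v in violations(state, geofences) for t in policy.get(v, [])]
    return list(dict.fromkeys(tasks))
```

An empty result on a later check corresponds to the re-entry case in scenario 1, where the LD Portal links are enabled again.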