Device Policy supports enables controlling access based on the security hygiene of user devices.
All of these device policies are blocking i.e. user access is denied if any one of them matches.
- Block all the devices which are not manually marked as "trusted" by admin.
- Block if the user can log in without a password.
Idle screen lock disabled:
- Block if screen-lock is disabled.
Remote login enabled (Workstation):
- Block if remote access (RDP, SSH) is enabled in the device
Jailbroken device (Mobile device):
- Block if the mobile device is jailbroken or rooted.
Debugging enabled (Mobile device):
- Block if the mobile device has debugging enabled.
Emulated device (Mobile device):
- Block if the mobile device is not a real device.
Disk not encrypted (Workstation):
- Block if disk encryption is not set.
Firewall disabled (Workstation):
- Block if the firewall is disabled.
Antivirus disabled (Windows only)
- Block if antivirus is disabled.