Compliance Check for Profiles (iOS/Android etc) with Action Possibility
In the current version 3.0, if a user removes an installed profile (a profile transferred by SMC), we see only a non-compliancy X in the overview or details of the device.
We should implement the possibility to take action like in the "passcode required" compliancy check, so that we define a set of profiles as "required", like we currently do with app white/blacklisting, and if one or more of these profiles are removed by the user, we can take action with our 3 step method (EAS block, Notification, Taskbundle).
With the task bundle in compliance check and the ability to make profiles not removable, I see very little that can be added by this feature.
Admin Thomas Lippert (Principal Product Manager - Mobile, Sophos Features & Ideas Laboratory) commented
The roaming/hotspot settings are special in iOS. They are called managed settings, which the user can always change even after a profile is applied.
The only way to handle this is via a profile push from the compliance check, which resets the settings after user modification.
Yannick Escudero commented
Good point Thomas, I agree with Alexis's comment and I would even go a step further and put all the "Profiles" with settings that can be changed afterwards by the user manually in a new category. For example, in iOS that's the option "Roaming/Hotspot settings": even if the profile is on the device, the device should show up as non-compliant, because the user changed or deleted the setting/value.
Maybe this is more something for the compliance check tab.
Non-removable only works for iOS,
and the main issue here is with Android, where we can't verify if the profile is still applied on the device: Wi-Fi, VPN, Exchange, pwd, restrictions ...