Introduction #
This policy checks Android Enterprise (Fully managed, dedicated, and corporate-owned work profile) devices are not Rooted, a passcode has been set and the maximum amount of time inactivity before the device locks itself is set to 15 minutes. It will also disable the ability to perform USB debugging on the device.
Policy Settings #
Device Health
| Rooted devices | Block |
System Security
| Require a password to unlock mobile devices | Require |
| Maximum minutes of inactivity before password is required | 15 Minutes |
| Require encryption of data storage on device | Require |
| Block apps from unknown sources | Block |
| Company Portal app runtime integrity | Require |
| Block USB debugging on device | Block |
Actions for Non-Compliance #
| Mark device noncompliant | Immediately |
Assignments #
Users, Groups and Devices
| Includes | – All Users |
